SAP Security Architect

Security Architecture (50%): The Architect will be responsible for the design and architecture of net new security systems and major improvements to existing systems. This would include Access Management, Privileged Identity Management or other security critical systems.

Security Design Review (25%): The Architect will conduct Security Design Reviews on new SAP system development/applications that are rated as high risk development activities either by size or by security risk profile. In this role, the architect will be acting as an advisor/consultant working with the project teams to ensure appropriate security controls are integrated into the solution design.

Security Risk Assessment (25%): The Architect will assess existing high-risk systems to ensure they are in full compliance with both the IS Security policy and industry best practices/standards. In cases of non-compliance, the Security Architect will work with the team to either correct any deficiencies, or to develop appropriate risk acceptance/policy exception as the need arises.

Responsibilities:

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Design and implement SAP security solutions, including role-based access control and authorization concepts
• Manage SAP roles and authorizations across SAP platforms like S/4HANA, FIORI, SuccessFactors and Concur
• Conduct regular security audits, risk assessments, and penetration tests
• Monitor and analyze security logs to detect and respond to threats
• Lead the implementation and management of SAP GRC (Governance, Risk, and Compliance) modules
• Ensure compliance with regulatory standards such as GDPR, SOX, and ISO 27001
• Collaborate with cross-functional teams to align security strategies with business needs
• Develop and maintain security documentation, policies, and procedures
• Deliver training and mentorship on SAP security best practices
• Participate in disaster recovery planning and incident response

Qualifications:

• College/University degree in Computer Science, Engineering or related field (or equivalent experience)
• Post-graduate degree, with a focus in Information Security, Risk Management or Incident Response would be an asset
• 5-10 years of progressive experience in senior technology / IT roles
• Deep understanding of SAP GRC or Identity Access Governance (IAG) including role design and compliance frameworks
• Demonstrable experience in SAP Security Architecture, especially with S/4HANA, FIORI, SuccessFactors and Concur
• Familiarity with industry security standards and regulatory requirements
• SAP Security and/or GRC certifications preferred