Lead Cyber Security Engineer (Onsite)

Tyson Foods, Inc.Springdale, AR
2dOnsite
Match Resume

About The Position

The SAP Security & Platform Security Engineer is an experienced SAP and Workday security professional with deep expertise in SAP GRC, Workday security configuration, Emergency Access/Firefighter processes, and cross application Segregation of Duties and privileged access controls. This role is responsible for architecting secure integrations for SAP’s Joule AI capabilities and promoting Responsible AI and privacy by design principles. The engineer partners closely with IT, HRIS, Audit, Compliance, and business stakeholders to align SAP and Workday security with the enterprise Privileged Access Management (PAM) program, ensuring secure, compliant, and efficient access across the organization.

Requirements

  • SAP Security & GRC Expertise: 5–10+ years designing SAP roles and authorizations, managing GRC Access Control, and leading Firefighter, SoD analysis, and access risk remediation in S/4HANA and Fiori.
  • Workday Security Experience: 3–5+ years configuring Workday’s role-based security model, including domain policies, security groups, hierarchies, granular permissions, and SoD controls.
  • Privileged Access & Identity Management: Experience designing and operating PAM/EAM workflows, enforcing least privilege access, and supporting audit, monitoring, and compliance processes.
  • Cross Application SoD & Governance: Ability to define and manage SoD rulesets across SAP and Workday using platforms such as SAP IAG for unified risk visibility and mitigation.
  • AI & SAP Security Architecture: Understanding of SAP Business AI/Joule, IAS/IPS, SCIM provisioning, OIDC authentication, principal propagation, and AI security controls aligned with Responsible AI principles.
  • Education & Certifications: Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field; certifications such as CISSP, CISM, CISA, SAP Security/GRC, or Workday Security preferred.
  • Leadership & Communication: Strong ability to lead cross functional security initiatives and communicate complex IAM and AI security concepts to technical teams, business partners, auditors, and senior leadership.

Nice To Haves

  • SAP security design and GRC expertise
  • SoD analysis and cross application ruleset creation
  • SAP S/4HANA, Ariba, Concur, Fieldglass authorization knowledge
  • Workday security configuration and permission modeling
  • Workday hierarchies, security groups, and SoD controls
  • Privileged access management (PAM/EAM) operations
  • Emergency access workflows, logging, and auditing
  • SIEM and GRC platform integration
  • Identity federation (OIDC, SAML, OAuth 2.0)
  • SCIM/IPS based identity synchronization
  • AI security (encryption, masking, content filtering)
  • Responsible AI governance
  • JML governance and access certification
  • Risk mitigation and compensating controls
  • IAM roadmap and program planning
  • Cross functional leadership
  • Clear communication of complex security concepts
  • Strong collaboration with HR, IT, audit, and compliance teams
  • Analytical problem solving
  • Change management and process adoption
  • Leadership for large security initiatives
  • Team mentoring and capability development
  • Security awareness advocacy

Responsibilities

  • Lead the redesign and governance of SAP Emergency Access Management (Firefighter), including policy development, workflow design, automated logging and auditing, and stakeholder training.
  • Architect secure end-to-end SAP security for Business AI/Joule, integrating IAS/IPS, SCIM/IPS provisioning, Global User ID strategy, OIDC authentication, and user bound principal propagation.
  • Implement core AI security controls aligned with Responsible AI principles; including authentication, authorization, encryption, masking, content filtering, and RAG processes.
  • Establish a unified cross application Segregation of Duties (SoD) framework across SAP, Workday, and other enterprise systems, defining risks, rulesets, and mitigating controls.
  • Lead SoD and access risk remediation efforts by refining user access, adjusting roles, and coordinating with audit and compliance teams to meet SOX, GDPR, and regulatory requirements.
  • Integrate SAP and Workday privileged access requirements into the enterprise PAM framework and define standardized workflows for request, approval, usage, and revocation of elevated access.
  • Lead Workday security architecture, including security groups, domain policies, role hierarchies, permission models, and consistent least privilege design.
  • Oversee enterprise access governance, including periodic access reviews, JML processes, and certification cycles to prevent entitlement creep.
  • Act as the primary liaison across IT Security, HRIS, Audit, Compliance, and business stakeholders to ensure alignment of SAP and Workday security with PAM, SoD, and enterprise IAM strategies.
  • Conduct audits, risk assessments, and remediation planning while delivering clear reporting, training, and communication to stakeholders.

Benefits

  • paid time off
  • 401(k) plans
  • affordable health, life, dental, vision and prescription drug benefits

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Job Search Resources

Similar Lead Cyber Security Engineer (Onsite) job opportunities

Lead Cyber Security Architect/Engineer
Solstice Advanced Materials
Solstice Advanced Materials • Morris Plains, NJ11d • Remote
🔥 New JobCyber Security Engineer Technical Lead
Lockheed Martin
Lockheed Martin • Springfield, VA2d • Onsite
Lead Cyber Security Detection Engineer
Live Nation Entertainment
Live Nation Entertainment2d • Remote
Principal Cyber Engineer
RTX
RTX • Colorado Springs, CO8d • Onsite
Cyber Security Engineer
FirstKey Homes
FirstKey Homes7d
Cyber Security Engineer
AAA
AAA • Coppell, TX13d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service