Security Architect – SAP & Enterprise Platforms, Identity & Access Management

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 8+ years of experience in application security, security architecture, or enterprise IT security.
• 5+ years of hands on experience with SAP security architecture.
• 5+ years in IAM architecture, design, or senior engineering roles.
• Strong expertise in: SAP security (roles/authorizations, S/4HANA, Fiori, GRC), Identity & Access Management (IAM), Application security principles and SDLC, Cloud and hybrid architectures
• Solid understanding of: Network, OS, and database security concepts, Secure integration patterns (REST, APIs, middleware), Logging, monitoring, and incident response integration,
• Deep expertise in IAM, including: Identity lifecycle management, Access governance, Federation & SSO, PAM
• Strong knowledge of: Active Directory, Entra ID / Azure AD, Cloud IAM concepts, Authentication protocols (SAML, OAuth, OIDC),
• Familiarity with IAM platforms (e.g., Saviynt, CyberArk, BeyondTrust, Okta, Azure IAM).
• Strong analytical and problem solving skills.
• Ability to explain complex security concepts to technical and non technical audiences.
• Experience influencing without authority in matrix organizations.
• Excellent documentation and communication skills.
• Strong architectural and analytical thinking
• Ability to balance security, usability, and automation
• Leadership without authority and agility to influence

Responsibilities

• Define and maintain end to end security architecture for SAP (ECC, S/4HANA, BTP, Fiori, GRC) and non SAP enterprise platforms (custom apps, SaaS, COTS).
• Define and maintain the enterprise IAM architecture, roadmaps, and reference designs.
• Lead IAM strategy aligned with Zero Trust, Identity First Security, and cloud adoption.
• Establish standards for authentication, authorization, identity lifecycle, and privileged access.
• Embed security by design principles into application development, integrations, and system landscapes.
• Review solution designs and provide security architecture sign off.
• Design robust SAP security models including roles, authorizations, and SoD controls.
• Define SAP user lifecycle, privilege access, and logging/monitoring standards.
• Advise on SAP GRC, access controls, emergency access (Firefighter), and compliance configuration.
• Support SAP transformations (S/4HANA, cloud, RISE, hybrid landscapes).
• Architect security controls for non SAP applications, APIs, middleware, and cloud services (IaaS, PaaS, SaaS).
• Define standards for authentication, authorization, encryption, secrets management, and secure integrations.
• Support IAM, SSO, MFA, and directory integrations (e.g., Entra ID, LDAP).
• Design Joiner Mover Leaver (JML) processes and automated provisioning/deprovisioning.
• Architect access governance controls including: User Access Reviews (UAR), Segregation of Duties (SoD), Role Based / Attribute Based Access Control (RBAC / ABAC)
• Integrate IAM with HR, ITSM, and GRC platforms.
• Architect secure authentication mechanisms (MFA, passwordless, conditional access).
• Design federation and SSO integrations (SAML, OAuth 2.0, OIDC).
• Support B2E, B2B, and B2C identity scenarios where required.
• Design PAM architecture for administrative, service, and privileged user accounts.
• Enforce least privilege, session monitoring, credential vaulting, and just in time access.
• Integrate PAM controls across infrastructure, applications, and cloud platforms.
• Design IAM controls for cloud platforms (Azure / AWS / GCP).
• Integrate IAM with enterprise applications (e.g., SAP, ERP, SaaS platforms).
• Ensure secure API and service identity design
• Align application security architecture with enterprise security frameworks and policies.
• Support regulatory and audit requirements (e.g., SOX, GDPR, ISO 27001).
• Perform threat modeling, security risk assessments, and control gap analysis.
• Define security standards, patterns, and reference architectures.
• Partner with application owners, developers, infrastructure, and cloud teams.
• Act as a security SME for projects, incidents, and design reviews.
• Contribute to security roadmap planning and technology selection.

Benefits

• Generous and complete benefit coverage with group insurance
• Group retirement plan with employer contribution
• Telemedicine and assistance program for employees and their families
• Employee Share Ownership Plan with an employer match
• Paid Parental Leave program
• Paid time off: Sick days, floater days and volunteer day off
• Opportunity to contribute to a collective RRSP & TFSA
• Training and development programs
• Saputo Flex Program, flexible work environment (schedule/location/time off) according to department needs
• Organized activities for employees and their families
• Advantageous discounts on Saputo products