Security Architect – SAP & Enterprise Platforms, Identity & Access Management

Overview of the role:

Saputo is seeking for a Security Architect SAP & Non SAP Platforms who will be responsible for designing governing and continuously improving security architectures across SAP landscapes and non SAP enterprise applications. This role ensures that security controls are embedded by design aligned with business needs regulatory requirements and industry best practices while supporting digital transformation initiatives such as SAP S/4HANA cloud adoption and system integrations.

Security Architect is responsible for defining designing and governing enterprise Identity & Access Management architecture across on premises cloud and SaaS platforms. This role ensures that identity services enable the business securely at scale and in compliance with regulatory and audit requirements

The architect acts as a trusted advisor to IT business and risk stakeholders balancing security usability and operational efficiency.

How you will make contributions that matter:

Security Architecture & Design

• Define and maintain end to end security architecture for SAP (ECC S/4HANA BTP Fiori GRC) and non SAP enterprise platforms (custom apps SaaS COTS).

• Define and maintain the enterprise IAM architecture roadmaps and reference designs.

• Lead IAM strategy aligned with Zero Trust Identity First Security and cloud adoption.

• Establish standards for authentication authorization identity lifecycle and privileged access.

• Embed security by design principles into application development integrations and system landscapes.

• Review solution designs and provide security architecture sign off.

SAP Security

• Design robust SAP security models including roles authorizations and SoD controls.

• Define SAP user lifecycle privilege access and logging/monitoring standards.

• Advise on SAP GRC access controls emergency access (Firefighter) and compliance configuration.

• Support SAP transformations (S/4HANA cloud RISE hybrid landscapes).

Non SAP & Enterprise Security

• Architect security controls for non SAP applications APIs middleware and cloud services (IaaS PaaS SaaS).

• Define standards for authentication authorization encryption secrets management and secure integrations.

• Support IAM SSO MFA and directory integrations (e.g. Entra ID LDAP).

Identity Lifecycle & Access Governance

• Design Joiner Mover Leaver (JML) processes and automated provisioning/deprovisioning.

• Architect access governance controls including: User Access Reviews (UAR) Segregation of Duties (SoD) Role Based / Attribute Based Access Control (RBAC / ABAC)

• Integrate IAM with HR ITSM and GRC platforms.

Authentication & Authorization

• Architect secure authentication mechanisms (MFA passwordless conditional access).

• Design federation and SSO integrations (SAML OAuth 2.0 OIDC).

• Support B2E B2B and B2C identity scenarios where required.

Privileged Access Management (PAM)

• Design PAM architecture for administrative service and privileged user accounts.

• Enforce least privilege session monitoring credential vaulting and just in time access.

• Integrate PAM controls across infrastructure applications and cloud platforms.

Cloud SaaS and Application Integration

• Design IAM controls for cloud platforms (Azure / AWS / GCP).

• Integrate IAM with enterprise applications (e.g. SAP ERP SaaS platforms).

• Ensure secure API and service identity design

Governance Risk & Compliance

• Align application security architecture with enterprise security frameworks and policies.

• Support regulatory and audit requirements (e.g. SOX GDPR ISO 27001).

• Perform threat modeling security risk assessments and control gap analysis.

• Define security standards patterns and reference architectures.

Collaboration & Advisory

• Partner with application owners developers infrastructure and cloud teams.

• Act as a security SME for projects incidents and design reviews.

• Contribute to security roadmap planning and technology selection.

You are best suited for the role if you have the following qualifications:

• Bachelors degree in Computer Science Information Security or related field (or equivalent experience).

• 8 years of experience in application security security architecture or enterprise IT security.

• 5 years of hands on experience with SAP security architecture.

• 5 years in IAM architecture design or senior engineering roles.

• Strong expertise in: SAP security (roles/authorizations S/4HANA Fiori GRC) Identity & Access Management (IAM) Application security principles and SDLC Cloud and hybrid architectures

• Solid understanding of: Network OS and database security concepts Secure integration patterns (REST APIs middleware) Logging monitoring and incident response integration Deep expertise in IAM including: Identity lifecycle management Access governance Federation & SSO PAM

• Strong knowledge of: Active Directory Entra ID / Azure AD Cloud IAM concepts Authentication protocols (SAML OAuth OIDC) Familiarity with IAM platforms (e.g. Saviynt CyberArk BeyondTrust Okta Azure IAM).

• Strong analytical and problem solving skills.

• Ability to explain complex security concepts to technical and non technical audiences.

• Experience influencing without authority in matrix organizations.

• Excellent documentation and communication skills.

• Strong architectural and analytical thinking

• Ability to balance security usability and automation

• Leadership without authority and agility to influence

We support and take care of our employees and their families by offering :

• Generous and complete benefit coverage with group insurance

• Group retirement plan with employer contribution

• Telemedicine and assistance program for employees and their families

• Employee Share Ownership Plan with an employer match

• Paid Parental Leave program

• Paid time off: Sick days floater days and volunteer day off

• Opportunity to contribute to a collective RRSP & TFSA

• Training and development programs

• Saputo Flex Program flexible work environment (schedule/location/time off) according to department needs

• Organized activities for employees and their families

• Advantageous discounts on Saputo products

Salary: $117560 to $154300

*Salary offers will vary commensurate with experience education skills and training.

STATEMENT ON AI

All applications are carefully considered by our Talent Acquisition team.

Artificial Intelligence tools may be used in screening applications.

Artificial Intelligence is not used to assess or select applications.