More jobs:
Job Description & How to Apply Below
Our Toronto/Montreal based client is seeking an experienced SAP Security Architect to join their team on a full time permanent basis. The ideal candidate should have 8+ years of experience in application security, security architecture, or enterprise IT security, with at least 5 of those years focused specifically on SAP security architecture and IAM architecture in design or senior engineering roles.
This individual should possess deep expertise across SAP security (roles/authorizations, S/4
HANA, Fiori, GRC), Identity & Access Management (IAM), application security principles and SDLC, as well as cloud and hybrid architectures.
Key Responsibilities:
- Architect access governance controls including User Access Reviews (UAR), Segregation of Duties (SoD), and Role-Based / Attribute-Based Access Control (RBAC / ABAC).
- Define and maintain end-to-end security architecture for SAP (ECC, S/4
HANA, BTP, Fiori, GRC) and non-SAP enterprise platforms (custom apps, SaaS, COTS). - Define and maintain the enterprise IAM architecture, roadmaps, and reference designs.
- Lead IAM strategy aligned with Zero Trust, Identity-First Security, and cloud adoption.
- Establish standards for authentication, authorization, identity lifecycle, and privileged access.
- Embed security-by-design principles into application development, integrations, and system landscapes.
- Review solution designs and provide security architecture sign-off.
- Design robust SAP security models including roles, authorizations, and SoD controls.
- Define SAP user lifecycle, privilege access, and logging/monitoring standards.
- Advise on SAP GRC, access controls, emergency access (Firefighter), and compliance configuration.
- Support SAP transformations (S/4
HANA, cloud, RISE, hybrid landscapes). - Architect security controls for non-SAP applications, APIs, middleware, and cloud services (IaaS, PaaS, SaaS).
- Define standards for authentication, authorization, encryption, secrets management, and secure integrations.
- Support IAM, SSO, MFA, and directory integrations (e.g., Entra , LDAP).
- Design Joiner-Mover-Leaver (JML) processes and automated provisioning/deprovisioning.
- Integrate IAM with HR, ITSM, and GRC platforms.
- Architect secure authentication mechanisms (MFA, passwordless, conditional access).
- Design federation and SSO integrations (SAML, OAuth 2.0, OIDC).
- Support B2E, B2B, and B2C identity scenarios where required.
- Design PAM architecture for administrative, service, and privileged user accounts.
- Enforce least privilege, session monitoring, credential vaulting, and just-in-time access.
- Integrate PAM controls across infrastructure, applications, and cloud platforms.
- Design IAM controls for cloud platforms (Azure / AWS / GCP).
- Integrate IAM with enterprise applications (e.g., SAP, ERP, SaaS platforms).
- Ensure secure API and service identity design.
- Align application security architecture with enterprise security frameworks and policies.
- Support regulatory and audit requirements (e.g., SOX, GDPR, ISO 27001).
- Perform threat modeling, security risk assessments, and control gap analysis.
- Define security standards, patterns, and reference architectures.
- Partner with application owners, developers, infrastructure, and cloud teams.
- Act as a security SME for projects, incidents, and design reviews.
- Contribute to security roadmap planning and technology selection.
- Must be legally authorized to work in Canada.
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×