Security Architect – SAP & Enterprise Platforms, Identity & Access Management

Overview of the role:

Saputo is seeking for a Security Architect – SAP & Non SAP Platforms who will be responsible for designing, governing, and continuously improving security architectures across SAP landscapes and non SAP enterprise applications. This role ensures that security controls are embedded by design, aligned with business needs, regulatory requirements, and industry best practices, while supporting digital transformation initiatives such as SAP S/4HANA, cloud adoption, and system integrations.

Security Architect is responsible for defining, designing, and governing enterprise Identity & Access Management architecture across on premises, cloud, and SaaS platforms. This role ensures that identity services enable the business securely, at scale, and in compliance with regulatory and audit requirements

The architect acts as a trusted advisor to IT, business, and risk stakeholders, balancing security, usability, and operational efficiency.

How you will make contributions that matter:

Security Architecture & Design

• Define and maintain end to end security architecture for SAP (ECC, S/4HANA, BTP, Fiori, GRC) and non SAP enterprise platforms (custom apps, SaaS, COTS).

• Define and maintain the enterprise IAM architecture, roadmaps, and reference designs.

• Lead IAM strategy aligned with Zero Trust, Identity First Security, and cloud adoption.

• Establish standards for authentication, authorization, identity lifecycle, and privileged access.

• Embed security by design principles into application development, integrations, and system landscapes.

• Review solution designs and provide security architecture sign off.

SAP Security

• Design robust SAP security models including roles, authorizations, and SoD controls.

• Define SAP user lifecycle, privilege access, and logging/monitoring standards.

• Advise on SAP GRC, access controls, emergency access (Firefighter), and compliance configuration.

• Support SAP transformations (S/4HANA, cloud, RISE, hybrid landscapes).

Non SAP & Enterprise Security

• Architect security controls for non SAP applications, APIs, middleware, and cloud services (IaaS, PaaS, SaaS).

• Define standards for authentication, authorization, encryption, secrets management, and secure integrations.

• Support IAM, SSO, MFA, and directory integrations (e.g., Entra ID, LDAP).

Identity Lifecycle & Access Governance

• Design Joiner Mover Leaver (JML) processes and automated provisioning/deprovisioning.

• Architect access governance controls including: User Access Reviews (UAR), Segregation of Duties (SoD), Role Based / Attribute Based Access Control (RBAC / ABAC)

• Integrate IAM with HR, ITSM, and GRC platforms.

Authentication & Authorization

• Architect secure authentication mechanisms (MFA, passwordless, conditional access).

• Design federation and SSO integrations (SAML, OAuth 2.0, OIDC).

• Support B2E, B2B, and B2C identity scenarios where required.

Privileged Access Management (PAM)

• Design PAM architecture for administrative, service, and privileged user accounts.

• Enforce least privilege, session monitoring, credential vaulting, and just in time access.

• Integrate PAM controls across infrastructure, applications, and cloud platforms.

Cloud, SaaS, and Application Integration

• Design IAM controls for cloud platforms (Azure / AWS / GCP).

• Integrate IAM with enterprise applications (e.g., SAP, ERP, SaaS platforms).

• Ensure secure API and service identity design

Governance, Risk & Compliance

• Align application security architecture with enterprise security frameworks and policies.

• Support regulatory and audit requirements (e.g., SOX, GDPR, ISO 27001).

• Perform threat modeling, security risk assessments, and control gap analysis.

• Define security standards, patterns, and reference architectures.

Collaboration & Advisory

• Partner with application owners, developers, infrastructure, and cloud teams.

• Act as a security SME for projects, incidents, and design reviews.

• Contribute to security roadmap planning and technology selection.

You are best suited for the role if you have the following qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).

• 8+ years of experience in application security, security architecture, or enterprise IT security.

• 5+ years of hands on experience with SAP security architecture.

• 5+ years in IAM architecture, design, or senior engineering roles.

• Strong expertise in: SAP security (roles/authorizations, S/4HANA, Fiori, GRC), Identity & Access Management (IAM), Application security principles and SDLC, Cloud and hybrid architectures

• Solid understanding of: Network, OS, and database security concepts, Secure integration patterns (REST, APIs, middleware), Logging, monitoring, and incident response integration, Deep expertise in IAM, including: Identity lifecycle management, Access governance, Federation & SSO, PAM

• Strong knowledge of: Active Directory, Entra ID / Azure AD, Cloud IAM concepts, Authentication protocols (SAML, OAuth, OIDC), Familiarity with IAM platforms (e.g., Saviynt, CyberArk, BeyondTrust, Okta, Azure IAM).

• Strong analytical and problem solving skills.

• Ability to explain complex security concepts to technical and non technical audiences.

• Experience influencing without authority in matrix organizations.

• Excellent documentation and communication skills.

• Strong architectural and analytical thinking

• Ability to balance security, usability, and automation

• Leadership without authority and agility to influence

We support and take care of our employees and their families by offering :

• Generous and complete benefit coverage with group insurance

• Group retirement plan with employer contribution

• Telemedicine and assistance program for employees and their families

• Employee Share Ownership Plan with an employer match

• Paid Parental Leave program

• Paid time off: Sick days, floater days and volunteer day off

• Opportunity to contribute to a collective RRSP & TFSA

• Training and development programs

• Saputo Flex Program, flexible work environment (schedule/location/time off) according to department needs

• Organized activities for employees and their families  

• Advantageous discounts on Saputo products

Salary: $117,560 to $154,300

*Salary offers will vary commensurate with experience, education, skills, and training.

________________________________________________________________________________________

STATEMENT ON AI

All applications are carefully considered by our Talent Acquisition team.

Artificial Intelligence tools may be used in screening applications.

Artificial Intelligence is not used to assess or select applications.