Security Architect - SAP & Enterprise Platforms, Identity & Access Management

Benefits

Additional Information

At Saputo, we bring good to the table by making high-quality products, investing in our people, and supporting communities around the world . As a top 10 global dairy processor, we value contributions that matter and strive to foster an inclusive, growth-driven work environment. Ready to bring your best? Overview of the role: Saputo is seeking for a Security Architect - SAP & Non SAP Platforms who will be responsible for designing, governing, and continuously improving security architectures across SAP landscapes and non SAP enterprise applications. This role ensures that security controls are embedded by design, aligned with business needs, regulatory requirements, and industry best practices, while supporting digital transformation initiatives such as SAP S/4HANA, cloud adoption, and system integrations. Security Architect is responsible for defining, designing, and governing enterprise Identity & Access Management architecture across on premises, cloud, and SaaS platforms. This role ensures that identity services enable the business securely, at scale, and in compliance with regulatory and audit requirements The architect acts as a trusted advisor to IT, business, and risk stakeholders, balancing security, usability, and operational efficiency. How you will make contributions that matter: Security Architecture & Design Define and maintain end to end security architecture for SAP (ECC, S/4HANA, BTP, Fiori, GRC) and non SAP enterprise platforms (custom apps, SaaS, COTS). Define and maintain the enterprise IAM architecture, roadmaps, and reference designs. Lead IAM strategy aligned with Zero Trust, Identity First Security, and cloud adoption. Establish standards for authentication, authorization, identity lifecycle, and privileged access. Embed security by design principles into application development, integrations, and system landscapes. Review solution designs and provide security architecture sign off. SAP Security Design robust SAP security models including roles, authorizations, and SoD controls. Define SAP user lifecycle, privilege access, and logging/monitoring standards. Advise on SAP GRC, access controls, emergency access (Firefighter), and compliance configuration. Support SAP transformations (S/4HANA, cloud, RISE, hybrid landscapes). Non SAP & Enterprise Security Architect security controls for non SAP applications, APIs, middleware, and cloud services (IaaS, PaaS, SaaS). Define standards for authentication, authorization, encryption, secrets management, and secure integrations. Support IAM, SSO, MFA, and directory integrations (e.g., Entra ID, LDAP). Identity Lifecycle & Access Governance Design Joiner Mover Leaver (JML) processes and automated provisioning/deprovisioning. Architect access governance controls including: User Access Reviews (UAR), Segregation of Duties (SoD), Role Based / Attribute Based Access Control (RBAC / ABAC) Integrate IAM with HR, ITSM, and GRC platforms. Authentication & Authorization Architect secure authentication mechanisms (MFA, passwordless, conditional access). Design federation and SSO integrations (SAML, OAuth 2.0, OIDC). Support B2E, B2B, and B2C identity scenarios where required. Privileged Access Management (PAM) Design PAM architecture for administrative, service, and privileged user accounts. Enforce least privilege, session monitoring, credential vaulting, and just in time access. Integrate PAM controls across infrastructure, applications, and cloud platforms. Cloud, SaaS, and Application Integration Design IAM controls for cloud platforms (Azure / AWS / GCP). Integrate IAM with enterprise applications (e.g., SAP, ERP, SaaS platforms). Ensure secure API and service identity design Governance, Risk & Compliance Align application security architecture with enterprise security frameworks and policies. Support regulatory and audit requirements (e.g., SOX, GDPR, ISO 27001). Perform threat modeling, security risk assessments, and control gap analysis. Define security standards, patterns, and reference architectures. Collaboration & Advisory Partner with application owners, developers, infrastructure, and cloud teams. Act as a security SME for projects, incidents, and design reviews. Contribute to security roadmap planning and technology selection. You are best suited for the role if you have the following qualifications: Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience). 8+ years of experience in application security, security architecture, or enterprise IT security. 5+ years of hands on experience with SAP security architecture. 5+ years in IAM architecture, design, or senior engineering roles. Strong expertise in: SAP security (roles/authorizations, S/4HANA, Fiori, GRC), Identity & Access Management (IAM), Application security principles and SDLC, Cloud and hybrid architectures Solid understanding of: Network, OS, and database security concepts, Secure integration