Principal SAP Security Architect (S/4HANA & Government Systems)

About the role

The Principal Saviynt IAM Architect (Government Systems & SAP Security Integration) serves as the enterprise design authority for Identity Governance & Administration (IGA), identity lifecycle automation, and regulated access architecture supporting NuSil's U.S. Government operations. This role is primarily responsible for architecting and leading Avantor's identity governance strategy within highly regulated environments, including the implementation and integration of Saviynt with SAP S/4HANA and other enterprise platforms. The team NuSil operates within a defense-regulated environment subject to: CMMC (Cybersecurity Maturity Model Certification) requirements Controlled Unclassified Information (CUI) handling mandates ITAR / Export Administration Regulations (EAR) restrictions Controlled materials and proprietary formulation protections SOX IT General Controls This role designs and engineers identity-driven access controls to ensure regulatory alignment, secure provisioning, defensible audit posture, and sustainable governance of sensitive access across SAP and integrated enterprise systems. The position carries enterprise accountability for IAM architecture in regulated environments and operates with principal-level independence within Architecture & Engineering.

Requirements

• Education : Bachelor's degree and/or equivalent experience, education and training
• Experience : 12+ years of Identity & Access Management experience 5+ years of enterprise IGA architecture experience
• Deep expertise with Saviynt architecture, workflows, and governance models
• Strong understanding of: Identity lifecycle management
• Entitlement modeling
• Automated provisioning
• Access certification
• Role governance
• Experience integrating IDM Solutions with SAP S/4HANA and enterprise applications
• Experience designing IAM controls in regulated environments subject to CMMC, CUI, ITAR, or SOX
• Expert understanding of SAP authorization concepts and SAP role structures
• Experience designing identity-driven access controls for enterprise ERP environments
• Demonstrated ability to operate independently as enterprise architectural authority
• Preferred Qualifications Saviynt certifications or implementation experience
• Experience with SAP GRC Access Control
• Experience supporting U.S. Government or defense-regulated environments
• Familiarity with Zero-Trust and ABAC security models
• Experience with data masking or privileged access governance solutions
• CISSP, CIAM, or related security certifications
• Primary Responsibilities
• Identity Governance & Administration (IGA) Architecture
• Serve as the architectural authority for SAP implementation and identity governance strategy
• Design enterprise identity governance frameworks supporting regulated environments
• Architect identity lifecycle processes including Joiner/Mover/Leaver automation
• Define enterprise entitlement models and role governance structures
• Design automated provisioning and de-provisioning workflows across SAP and integrated platforms
• Architect access certification, attestation, and role review processes
• Define identity governance controls supporting audit, compliance, and regulatory requirements
• Engineer scalable identity governance models supporting growth of U.S. Government operations
• Define API integration strategies, connectors, and identity synchronization mechanisms
• Saviynt Platform Architecture & Integration
• Lead architecture and integration of Saviynt with SAP S/4HANA and other enterprise systems
• Define entitlement mapping strategies between SAP roles and Saviynt access models
• Architect birthright access, dynamic role assignment, and conditional access frameworks
• Configure and optimize provisioning workflows, approval chains, and governance processes
• Prevent over-provisioning and privilege escalation through identity-centric control design
• Design scalable identity governance processes for regulated manufacturing environments
• Partner with enterprise IAM teams on roadmap, standards, and platform optimization
• CMMC, CUI & ITAR-Aligned Access Architecture
• Architect identity-driven access controls aligned to CMMC access control domains
• Engineer segregation and governance of CUI within enterprise systems
• Design controls ensuring ITAR-restricted data is accessible only to authorized U.S. persons
• Define identity governance models supporting controlled manufacturing and export-sensitive processes
• Implement auditable and traceable identity governance controls for regulated environments
• Partner with Information Security and Compliance teams to support evolving regulatory requirements
• SAP Security Integration
• Provide architectural oversight for SAP S/4HANA and Fiori security integration into Saviynt
• Support SAP role governance, entitlement mapping, and Segregation of Duties alignment
• Partner with SAP Security teams on: SAP GRC integration
• Access certification alignment
• Provisioning workflows
• SoD remediation strategies
• Ensure SAP authorization structures align with enterpr

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at vwr? Share your experience