
Security Lead Architect

Job Description
Overview: The SAP Security Lead Architect is responsible for designing, implementing, and governing end-to-end SAP security architecture across the enterprise landscape. This role ensures secure, compliant, and scalable SAP environments by leading security strategy, role design, governance models, and integration with broader enterprise security frameworks.

Key Responsibilities

Security Architecture & Strategy:
Develop and own the SAP security architecture roadmap covering SAP ECC/S4HANA, Fiori, BTP, BW/4HANA, and SAP Cloud solutions.
Establish security standards, policies, and governance aligned with corporate security frameworks and regulatory requirements (SOX, GDPR, HIPAA, etc.).
Guide business and IT leadership on SAP security best practices and risk mitigation strategies.

Role Design & Access Management:
Lead the design and governance of SAP roles, authorization concepts, and segregation-of-duties (SoD) frameworks.
Review, analyze, and approve role changes, security transports, and overall access provisioning models.
Oversee user administration and integration with identity systems (Azure AD, Okta, GRC, IDM).

SAP GRC Ownership:
Architect and manage SAP GRC Access Control (AURA), Process Control, Risk Analysis & Remediation, and emergency access management.
Lead SoD rulebook maintenance, continuous control monitoring, and compliance reporting.
Partner with auditors for periodic reviews and risk assessments.

Project Leadership & Delivery:
Serve as the security lead for SAP projects, upgrades, migrations, and S/4HANA implementations.
Provide architectural guidance to project teams on secure configurations, interface controls, and custom development.
Author technical design documents, security blueprints, and cutover plans.

Monitoring, Compliance & Risk Management:
Define and implement security monitoring, audit logging, and threat detection within SAP environments.
Collaborate with InfoSec, Internal Audit, and Compliance teams on assessments and remediation.
Ensure adherence to regulatory requirements, data-privacy mandates, and cyber-security controls.

Collaboration & Stakeholder Engagement:
Work closely with Basis, Functional, Development, and Cloud teams to ensure security is embedded into all SAP applications and integrations.
Partner with business process owners to align security with functional requirements.
Lead workshops, training, and knowledge transfer sessions on SAP security concepts and GRC usage.

Required Skills & Experience:
Strong hands-on SAP GRC Access Control knowledge (ARM, ARA, EAM, BRM).
Experience with SAP Fiori, SAP BTP, and cloud-based authorization models.
Knowledge of SoD frameworks, compliance controls, and audit processes.
Familiarity with identity management, SSO, and MFA integrations.
Ability to lead security architecture discussions with executives and technical teams.
Strong documentation, governance, and communication skills.

Preferred Qualifications:
Experience in full-cycle SAP S/4HANA implementations.
Background in InfoSec, cybersecurity, or enterprise security architecture.
Certifications such as SAP Security, SAP GRC, or CISSP/CISM.
Experience with SAP cloud security (BTP, IAS/IPS, SAC, Ariba, SuccessFactors).
