Senior Cybersecurity Architect - SAP S/4HANA Transformation

The Opportunity

Are you a highly experienced Cybersecurity Architect ready to tackle one of the most critical digital transformations in the energy sector? We are seeking a specialized SAP S/4HANA Cybersecurity Architect to join a high-profile, enterprise-wide project for a major client.

This is a 12-month, full-time contract role that is 100% remote.

About the Client

Our client is a leading North American energy company that safely operates a vast, regulated network of energy infrastructure, including major pipelines and power generation facilities. They are currently embarking on a massive, multi-year digital transformation, migrating their core ERP systems (SAP) to S/4HANA on a cloud environment (RISE Private Cloud). This transformation is pivotal to their business and requires an architect who can ensure security is woven into the very fabric of the new architecture.

The Role: Cybersecurity Architect – SAP S/4HANA Transformation

You will be embedded within the SAP project organization as the Trusted Security Advisor. Your primary mission is to design and oversee the robust security architecture that minimizes risk and enables the successful, compliant adoption of their new cloud-based S/4HANA landscape.

Key Outcomes You Will Deliver

• A robust security architecture covering Identity Management, Data Protection, Cloud Infrastructure, and Zero Trust principles for the S/4HANA implementation.
• The prevention of common ERP cloud migration risks (data breaches, compliance gaps, misconfigurations) through proactive Secure-by-Design principles.
• Alignment with critical industry frameworks and regulations (e.g., NIST CSF, ISO 27001, SOX, FERC, TSA).

What You Will Do

1. Architecting the Secure Blueprint

• Develop Security Reference Architectures & Patterns: Design comprehensive security blueprints for the S/4HANA landscape (ERP, databases, SAP BTP, interfaces) hosted in a RISE Private Cloud environment.
• Embed Secure-By-Design (SBD): Work directly with SAP project teams to ensure SBD principles (least privilege, defense in depth) are applied to all solution designs, extensions, and integrations.
• Compliance Integration: Collaborate with GRC teams to ensure architectures satisfy regulatory frameworks like SOX, FERC, and TSA pipeline security directives.

2. Cloud and Infrastructure Security

• RISE Cloud Security: Define cloud security reference architectures and secure the RISE Private Cloud environment (leveraging Azure/AWS native controls).
• Network Architecture: Review and harden the cloud network architecture (VPC/VNet, segmentation, PrivateLink) for SAP systems.
• Shared Responsibility: Focus efforts on securing the customer-managed aspects of the cloud environment, understanding the nuances of the RISE shared responsibility model.

3. Identity and Access Management (IAM) Mastery

• SSO/Federation: Design and implement Single Sign-On (SSO) solutions, integrating S/4HANA and SAP Fiori with corporate Identity Providers (e.g., Azure AD/Okta) using SAML 2.0/OpenID Connect.
• Privileged Access Management (PAM): Design and implement PAM controls for critical SAP administrative accounts, ensuring time-bound, monitored, and least-privilege access.

4. Data Protection and Application Security

• Encryption and Key Management: Develop and enforce policies for data encryption (at rest and in transit), coordinating secure Key Management Systems (KMS) for SAP HANA databases.
• Secure SDLC: Establish a Secure Software Development Life Cycle (SDLC) for custom SAP development, including requirements for code security scans (ABAP), threat modeling, and penetration testing on new interfaces.

5. Monitoring and Incident Response

• Logging and SIEM: Design and implement centralized logging for SAP systems (including the SAP security audit log) into the enterprise SIEM platform.
• Incident Planning: Develop an Incident Response Plan and playbooks specifically for SAP security incidents.

🎯 Requirements

Qualifications & Experience

• Education: Bachelor’s degree in Computer Science or a related field.
• Experience: 5+ years in IT security, with a minimum of 3 years in a dedicated security architecture role.
• Track Record: Proven success in designing security architecture blueprints and strategy for complex enterprise-level projects.
• Diagramming: Virtuosic diagramming and modelling skills—the ability to clearly articulate complex designs is essential.

Mandatory Technical Expertise

• SAP Security: Deep knowledge of securing core SAP components, including S/4HANA, SAP Fiori, and SAP BTP (IAS/IPS, secure connectors).
• IAM: Strong, hands-on experience with SAML 2.0, OpenID Connect, and integrating SAP systems with enterprise IdPs (Azure AD, Okta).
• Cloud Security: Demonstrated experience securing solutions on major cloud platforms (preferably Azure and AWS), including network security, native controls, and KMS/Key Vaults.
• Architecture Frameworks: Ability to translate frameworks like NIST CSF and ISO 27001 into specific technical architecture decisions.
• Core Security: Expertise in Zero Trust Architecture (ZTA), Privileged Access Management (PAM), and threat modelling methodologies.

Desirable Certifications (Highly Valued)

• CISSP or CISM
• Cloud Security Certifications (e.g., CCSP, Azure Security Engineer, AWS Security Specialty)

🤝 Next Steps

This is a high-impact, fully remote contract position offering a unique opportunity to shape the security posture of a major North American energy leader. If you meet these specialized requirements and are ready to deliver excellence on a critical digital transformation, we encourage you to apply now.

The target hiring compensation range for this role is up to 185/hr depending on overall experience. Compensation is based on several factors including, but not limited to education, relevant work experience, relevant certifications, and location.