Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : SAP Identity and Access Management, SAP Cloud Identity Services
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
As a SAP ILM / IRM Security Architect, your typical day involves in Managing and coordinate day-to-day security operations across IAM (CIS/IAG), SAP security, Entra ID, and infrastructure security. Ensure compliant execution of access management processes (user provisioning, role assignment, SoD controls). This role requires careful planning and documentation of security controls to ensure a smooth transition to cloud security-managed operations. The position demands continuous evaluation and refinement of security architectures to support evolving business needs and technological advancements, fostering a secure and resilient cloud environment.

Roles & Responsibilities:
- Expected to be an SME, collaborate and manage the team to perform.
- Responsible for team decisions.
- Manage and coordinate day-to-day security operations across IAM (CIS/IAG), SAP security, Entra ID, and infrastructure security
- Ensure compliant execution of access management processes (user provisioning, role assignment, SoD controls)
- Oversee SAP roles and authorization management, including Fiori activation and transport-related security aspects
- Coordinate firewall and WAF rule management in alignment with security policies and change processes
- Ensure proper security monitoring and incident handling, including SIEM integration and escalation management
- Act as the offshore lead for security delivery, ensuring SLA adherence and operational quality
- Support audit activities, evidence collection, and compliance reporting (e.g. EnWG, ISO 27001, KRITIS)
- Enforce segregation of duties and environment separation (PROD vs NON-PROD, Lot 1 vs Lot 2)
- Drive continuous improvement and automation of security processes

Professional & Technical Skills:
- Must To Have Skills: Proficiency in SAP Identity and Access Management.
- Strong knowledge of cloud security principles and best practices related to identity and access management.
- IAM & Identity Federation
- Strong understanding of identity architectures with Microsoft Entra ID, SAP Cloud Identity Services (CIS)
- Experience with SAP Identity Access Governance (IAG)
- Experience with federation protocols (SAML 2.0, OpenID Connect, OAuth2)
- Knowledge of user lifecycle management and provisioning (IPS/SCIM)
- Understanding of SoD (Segregation of Duties) concepts and governance processes
- SAP Security & Authorization Deep knowledge of SAP authorization concepts (PFCG)
- Experience with S/4HANA (ideally IS-U) security and role design Understanding of Fiori authorization model (catalogs, groups, roles)
- Familiarity with SAP BTP security concepts (Role Collections, XSUAA)
- Security Operations & Monitoring
- Experience with SIEM tools and security monitoring processes
- Understanding of log analysis across SAP, BTP, and identity systems
- Ability to manage security incidents and escalations
- Knowledge of audit logging and compliance requirements
- Network & Infrastructure Security
- Basic to advanced understanding of:
- Firewall (FW) management
- Web Application Firewall (WAF)
- Understanding of secure connectivity concepts (e.g. Cloud Connector, reverse proxy, API protection)
- Cloud & Platform Security Experience with SAP BTP security architecture
- Understanding of cloud-native security principles (Zero Trust, least privilege)
- Knowledge of multi-tenant architectures and isolation mechanisms
- Regulatory & Compliance Knowledge
- Familiarity with German EnWG and unbundling requirements (highly desirable)
ISO 27001 / ISMS processes
- Audit and compliance frameworks (KRITIS, SOC, etc.)
- Ability to translate regulatory requirements into operational controls
- Delivery & Coordination Skills
- Strong experience in service delivery management (ITIL-based)
- Ability to manage offshore teams and coordinate across time zones
- Experience in stakeholder management (onshore/offshore model)
- Strong incident, change, and problem management skills
- Strong communication skills (English mandatory, German a plus)
- High level of ownership and accountability,
- Ability to work in complex, regulated environments
- Structured and audit-oriented mindset
- Experience with SAP IAG Access Risk Analysis (ARA)
- Knowledge of automation tools / job schedulers in SAP environments
- Exposure to DevSecOps practices
- Experience in energy/utilities sector


Additional Information:
- The candidate should have minimum 9 years of experience in SAP Identity and Access Management.
- This position is based at our Mumbai office.
- A 15 years full time education is required.