Job Specifications
Our client in the professional services sector is seeking a contract-based Cybersecurity Architect - SAP S/4HANA to design and oversee the security architecture of their end client's SAP S/4HANA ecosystem.
This role will ensure that our S/4HANA landscape is resilient, compliant, and aligned with enterprise cybersecurity frameworks. The ideal candidate brings deep expertise in SAP S/4HANA security, governance, and integration, along with experience securing hybrid (on-premise and cloud) ERP deployments.
Duration: 6 months to start
Location: Hybrid Toronto
Responsibilities
Define and implement security architecture for SAP S/4HANA core modules (Finance, Supply Chain, Procurement, Sales, etc.).
Establish secure integration patterns between S/4HANA, SAP Fiori, SAP BTP, and non-SAP enterprise systems.
Align configurations and practices with NIST, ISO 27001, CIS benchmarks, and SAP security best practices.
Provide architectural blueprints, standards, and guidance to project and operations teams.
Implement and enforce SAP security baselines, disabling insecure defaults, restricting administrative access, and ensuring comprehensive logging.
Lead and manage the SAP patching and update cycle with structured testing and CAB-aligned governance.
Secure inbound/outbound integrations (RFC/HTTP allow-lists, ACLs, cloud connectors) and enforce encryption standards.
Integrate SAP logs into the enterprise SIEM, tune alerts, and coordinate with SOC analysts for real-time assurance.
Participate in penetration testing, red team exercises, and independent security assessments.
Design and enforce role-based access controls (RBAC), segregation of duties (SoD), and privileged access for SAP S/4HANA.
Manage SAP IAM with federation to Entra ID/Azure AD, enforce MFA for privileged accounts, and implement emergency access management.
Define governance processes for user lifecycle management, periodic access reviews, and audit support.
Conduct risk assessments, threat modeling, and vulnerability analysis for SAP deployments.
Ensure compliance with SOX, GDPR, PCI-DSS, HIPAA, and relevant ERP regulations.
Maintain risk registers, RACI models, and produce executive-level dashboards and reporting.
Requirements
8-10+ years of IT security experience, with at least 5+ years focused on SAP security architecture and operations.
Proven expertise in SAP S/4HANA security design, configuration, and hardening.
Hands-on knowledge of SAP Fiori security, GRC Access Control, SoD design, and audit practices.
Demonstrated success in patch management, baseline enforcement, and securing SAP integrations.
Practical experience with SIEM integration, log monitoring, and SOC collaboration.
Strong background in IAM/PAM integration with SAP (Azure AD/Entra ID, MFA, RBAC).
Familiarity with hybrid/cloud deployments of SAP (Azure, AWS, GCP).
Certifications (preferred): CISSP, CISM, SABSA, TOGAF. SAP S/4HANA Security or GRC certifications are assets.
Excellent communication skills with the ability to produce audit-ready evidence and explain posture to executives.
A proven ability to step into complex SAP environments and establish control quickly.
About the Company
Advance your market position by adopting leading AI and Digital Solutions. To stay competitive in today's market, companies need to adopt innovative technologies and transform. Your digital transformation doesn't need to be complicated. With over 20 years of experience in proven, innovative technology delivery across M&A integrations, banking, consulting, insurance, human resources and financial, Resonaite's team will help you define and execute your digital transformation strategies.