💻 Ework Group - founded in 2000, listed on Nasdaq Stockholm, with around 13,000 independent professionals on assignment - we are the total talent solutions provider who partners with clients, in both the private and public sector, and professionals to create sustainable talent supply chains.

With a focus on IT/OT, R&D, Engineering and Business Development, we deliver sustainable value through a holistic and independent approach to total talent management.

By providing comprehensive talent solutions, combined with vast industry experience and excellence in execution, we form successful collaborations. We bridge clients and partners & professionals throughout the talent supply chain, for the benefit of individuals, organizations and society.

🔹 For our Client from pharmaceutical industry we are looking for SAP Security Architect🔹

Our SAP landscape underpins critical business and regulated processes globally — spanning Finance, Supply Chain, Manufacturing, Quality, and R&D. As we continue our S/4HANA transformation journey and expand our SAP Business Technology Platform (BTP) footprint, we are looking for an exceptional SAP Security Architect to lead and own our end-to-end SAP security strategy, architecture, and governance.

If you are an expert in SAP security, authorisations, and SAP cyber risk management with a proven track record of designing enterprise-grade SAP security architectures across S/4HANA, BW/HANA, HANA DB, Fiori, and BTP — we want to hear from you.

________________________________________

The position

As a SAP Security Architect, you will be a key technical leader within our SAP Security function, responsible for defining and driving the SAP security architecture, standards, and governance across a complex, global, and regulated SAP landscape. You will work closely with senior stakeholders, cybersecurity leadership, compliance teams, and SAP programme teams to ensure our SAP environment is secure, compliant, and fit for the future.

This is a individual contributor and leadership role with significant scope, influence, and visibility across the organisation.

• ✔️SAP security architecture & strategy
• • Define and own the SAP security architecture (on-prem and cloud), including target-state design, standards, reference architectures, and implementation roadmaps.
  • Drive security-by-design across SAP programs (new implementations, rollouts, upgrades, and S/4HANA transformations).
  • Engage with technical and compliance SMEs, business stakeholders, and vendors to shape direction and delivery outcomes.
  • Present SAP security posture, risks, and roadmap to senior leadership and the CISO organisation.

• ✔️Authorisation design & implementation (core)

• • Lead the design and implementation of SAP authorisation concepts and role-based access control (RBAC) across end-to-end business processes (e.g., Finance, Supply Chain, Manufacturing, Quality, HR, BW, ATTP, GBT).
  • Establish and govern role design methodology (business roles, derived roles, org-level strategy, SU24 governance, naming conventions, firefighter strategy).
  • Streamline and govern role lifecycle processes (intake, build, testing, approvals, transport, periodic review, and recertification).
  • Govern change management and transport security processes to ensure integrity of the SAP security landscape.

• ✔️S/4HANA, Fiori & modern UX security

• • Secure SAP Fiori front-end and SAP Gateway (catalogs/groups/spaces/pages concepts, OData service authorisations, UI/service hardening).
  • Design secure authentication and SSO patterns (SAML2/OAuth2, SNC/Kerberos, MFA integration where applicable).

  ✔️SAP BTP security (cloud)

  • Design and implement SAP BTP security models (subaccount structure, entitlements, role collections, XSUAA, destinations, Cloud Connector considerations).
  • Integrate SAP BTP with enterprise identity providers and SAP cloud identity services (IAS/IPS) and define secure onboarding patterns.
  • Define API security standards and integration security patterns for SAP Integration Suite, PI/PO, and other middleware components.

• ✔️BW/HANA & HANA DB security

• • Own security design for BW on HANA / BW/4HANA (analysis authorisations, data access controls, authorization-relevant objects).
  • Design HANA database security (users/roles, privileges, schemas, auditing, encryption options, secure connectivity patterns).

• ✔️Governance, Risk & Compliance (GRC), audits & controls

• • Lead SAP security controls design and operationalization for internal/external audits (SOX/ITGC and other control frameworks), including evidence readiness and remediation plans.
  • Drive Segregation of Duties (SoD) design and remediation, emergency access controls, and continuous control monitoring.
  • Partner with cybersecurity teams to align SAP controls to enterprise security requirements (logging/monitoring, vulnerability management, hardening, incident response playbooks for SAP).
  • Lead SAP security controls design and operationalization for internal and external audits including SOX/ITGC, GxP/CSV (Computerized System Validation), and other applicable control frameworks.
  • Ensure security documentation readiness for GxP-validated SAP systems including User Requirement Specifications (URS), Functional Specifications (FS), and Requirements Traceability Matrices (RTM).
  • Leverage SAP security tooling (e.g., SAP EarlyWatch Alert, Security Bridge, Onapsis, or equivalent) for continuous vulnerability management and security monitoring.

• ✔️Delivery leadership

• • Provide technical leadership to SAP security teams (onshore/offshore), coach senior analysts, and review solution designs and deliverables.
  • Define and track key security metrics including SoD violation reduction, audit finding remediation rates, role design quality, and security architecture coverage.

• ________________________________________

  ✔️Qualifications

  To be successful in this role, you should have:

• • Bachelor’s degree in engineering, Computer Science, or related field.
  • 15–20 years of relevant SAP Security experience, including several full lifecycle implementations and global rollouts.
  • Deep hands-on expertise in SAP authorizations and security administration across key SAP modules (S/4, BW, ATTP, GBT) and business processes.
  • Strong experience with S/4HANA security and role redesign.
  • Strong experience in SAP audit/security and compliance initiatives such as SoD remediation, SOX, and ITGC.
  • Proven SAP cybersecurity experience (risk assessments, secure configuration/hardening, security logging/monitoring integration, vulnerability remediation coordination).
  • Consulting background strongly preferred; Big 4 consulting experience is highly desirable.
  • Ability to work with senior stakeholders and translate business requirements into secure, scalable access designs.
  • Excellent communication skills in written and spoken English.

• Nice to have (common for SAP Security Architect roles)

• • Experience with SAP GRC Access Control and/or SAP Cloud Identity Access Governance.
  • Security certifications (e.g., CISSP, CISA, CISM, CRISC) and/or SAP security-related certifications.
  • Experience in regulated environments (e.g., GxP) and validated system landscapes.
  • Experience with SAP security vulnerability management tools (e.g., SecurityBridge, Onapsis, Relevant).

  ✔️ We offer:

  • B2B agreement
  • Transparent working conditions with both Ework and the client
  • Current support during our cooperation
  • Possibility to work in an international environment
  • Collaborative environment in Swedish organizational culture
  • Private medical care
  • Life insurance
  • Multisport
  • Teambuilding events

  Contact person: karolina.rosikiewicz@eworkgroup.com

  Do you know someone who would fit this position? Recommend a candidate by sending her/his CV to: polecenia@eworkgroup.com

  Whistleblowing Policy, which provides guidelines for reporting misconduct can be found on Ework website: https://www.eworkgroup.com/about-us/our-responsibility