Lead SAP Security Architect S/4HANA & Cloud Chalhoub Group

The Lead SAP Security Architect for the SAP ERP Transformation Program is responsible for embedding security-by-design across the SAP S/4HANA and related ERP systems. The role ensures that all ERP security architecture, controls, and processes align with Group Information Security principles, policies, and standards, and are fully integrated into Group Security Operations capabilities for ongoing monitoring, incident management, and risk mitigation. This individual will collaborate closely with program leadership, business stakeholders, technical delivery teams, and third-party vendors, acting as the primary security authority within the Transform Program and ensuring that ERP security architecture supports Chalhoub Group s broader security and risk objectives.

Key Responsibilities

• Develop, implement, and maintain ERP-specific security architecture, standards, and guidelines aligned with Group Information Security policies and frameworks.
• Establish security architecture blueprints for SAP applications and cloud services, ensuring secure connectivity, encryption, and network design across S/4HANA, BTP, Integration Suite, and Azure environments.
• Define and oversee the secure configuration and hardening of all SAP platforms including S/4HANA, Fiori, CAR, EWM, Ariba, IAG, Solution Manager, BTP, and Integration Suite ensuring encryption, authentication, connectivity, and monitoring controls meet Group and cloud security standards.
• Conduct and document Security Impact Assessments, Threat Modeling, and Risk Assessments across SAP S/4HANA, SAP SuccessFactors, SAP Ariba, and all related ERP modules.
• Define and oversee security controls across the SAP landscape: application security, database security, network security, IAM, and secure configurations.
• Ensure all ERP security design and implementation are integrated with Group Security Operations, enabling continuous monitoring, threat detection, incident response, and log management.
• Oversee SAP logging, monitoring, and SIEM integration, ensuring appropriate event visibility, incident response readiness, and alignment with SOC operations.
• Embed secure development and change practices into programme delivery covering custom developments, transports, and vulnerability management.
• Evaluate and advise on third-party add-ons and integrations for the SAP ecosystem, ensuring alignment with Group Information Security requirements and standards.
• Act as the programme s security authority, partnering with the IAM team, Infrastructure, Basis, Application, and Cloud Security teams to deliver a secure solution and influence decisions in technical governance forums.
• Partner with Program Management, ERP Architects, and business leads to translate regulatory and compliance requirements (e.g., SOX, GDPR) into ERP security controls.
• Collaborate with the IAM team to align role design and Segregation of Duties policy with platform capabilities; ensure solution and integration designs enable IAM controls without owning IAM delivery.
• Operate the SAP Security Notes cadence and platform hardening baselines (OS/DB/SAP), track remediation SLAs, and report posture to the Technical Board.
• Collaborate with internal and external auditors, supporting security audits, assessments, and compliance activities within the ERP environment.
• Act as a conduit between the ERP SAP Transformation Program, the Group Information Security team, and broader governance forums to ensure alignment and transparency.
• Support the development and delivery of security awareness and secure usage training initiatives for ERP program stakeholders