Share this job
Apply now »







Title:  SAP Security Architect Manager (Basis/HANA)

Job ID:  34260
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

JTI is a leading international tobacco company with operations in more than 120 countries. We’re the global owner of world-renowned brands such as Winston, the number two cigarette brand in the world, and Camel (outside the US). Our global brands also include Mevius, LD and Natural American Spirit, and we manufacture the internationally recognized Logic e-cigarette brand and Ploom Tech, a major brand in the heated tobacco category. 
Headquartered in Geneva, Switzerland, we employ over 40’000 people across the globe. We were recently awarded Global Top Employer for the fourth consecutive year with regional Top Employer Certification in Europe #1, Asia #1, North America #1, Africa #2 and Middle East #3. This is recognition of our outstanding talent strategy, energizing culture and commitment to learning and development. 
We are a member of the Japan Tobacco Group of Companies. For more information visit www.jti.com.  

 Purpose of the position is to :


1. ensure security measures and configurations around the SAP landscape are adequately designed and comensurate with value of information and related control requirements
2. design SAP security-related processes, procedures, systems, standards, governance, controls and guidelines
3. engineer and maintain a sustainable SAP role architecture to facilitate maintenance of SAP authorizations
4. gather information from various stakeholders for the above purposes
5. document the above requirements as SAP security services' governance standard
6. design and implement controls ensuring SAP systems remain available, transactional integrity is guaranteed and data confidentiality requirements are met
7. promote an information security culture driven by risk considerations
8. manage and transfer knowledge by designing training materials; train SAP security staff and other stakeholders
9. solve complex technical security-related challenges relating to JTI's SAP landscape
10. ensure the above measures / principles are consistently deployed within SAP security and across JTI's SAP landscape




  • University Degree or equivalent
  • 5+ years working experience in SAP security with a focus on design/architecture
  • 2+ years project management experience
  • Cyber Security experience preferred
  • English language skills enabling clear spoken and written communication
  • Project management skills
  • Ability to analyze and critically assess problems
  • Ability to see the big picture as well as giving attention to the smallest detail
  • Imaginative and creative thinking skills
  • Ability to communicate effectively and work with a team spirit
  • Good understanding of business & functional processes – audit background welcome
  • Sound understanding of transactional and Segregation of Duties risks and access controls (Strong security background – non-SAP certifications welcome (CISSP, CISA, etc…)
  • Customer orientation with a strong focus on quality
  • Technical understanding of today’s on premise, HANA and cloud environments


Main Responsibilities


Security processes, design and system planning / tools
•Evaluate opportunities to enhance the security administration processes
•Evaluates the opportunity to develop and provide new services / functionalities within Security and access controls space. Liaise with relevant parts of the organization to propose, develop, and drive the implementation of process enhancements
•Ensure security requirements are captured at project inception, are considered as key requirements during implementation and that information security measures commensurate with risk are rolled-out as of project go-live.
•In particular:
       1. Ensure adequate security support for Development, Quality & Production systems by designing and testing SAP security solution to confirming suitability
       2. Supporting the Functional teams (BTS group) and IT teams (SAP Basis) with conceptual security requirements used during the SAP functional/technical design.
       3. Design SAP security (role) architecture for BW, PO, S4, HR and other SAP system which are part of JTI's SAP landscape. Ensure solutions are flexible (future-proof), sustainable for the future and meet both business (transactional) and security (control) requirements
       4. Design new access control model for non-SAP Systems. 
       5. Develop consistent baseline security (connectivity, security configurations, data encryption) recommendations according to best practice / corporate policies / third-party / experts’ input.
       6. Develop and access control governance model when a new product is incorporated into JTI SAP Landscape 
•Ensure the Security quality gates are adhered to, in particular that the design has been implemented correctly (before Unit testing and at go-live) and that the changes delivered has compliant to the SAP security (and Access Control) design principles.


Governance, risk management & control design

• Design and translate security and/or access control standards, policies, and procedures into practice, in line with the corporate IT security strategy defined by the Chief IT Security Officer and by the SAP Security Director. For instance: Security HANA db policy, System Security parameters policy, SAP systems connectivity standards, etc.
• Evaluates whether security administration measures and related processes are adequate to fulfill the IT security objectives set forth as per IT security policy; in relation to application security the Security Architect works closely with the Financial Controls Group and under the supervision of the SAP Security Director to ensure that application control requirements (system based controls and access privileges) are setup to fulfill business process control requirements.
• Ensure that documentation resulting from the process of designing access control standard is maintained to an agreed standard. 
• Ensure that documentation bridges the gap between business language and technical language (describe how SAP authorizations are implemented in each role and for what purpose).


Business Partnership
•Promote an information security culture driven by risk considerations: The Security Architect actively promotes information security best practice based on identified and emerging risk areas. 
•Responsible for raising and explaining contentious issues with stakeholders using influencing skills to negotiate mutually agreeable decisions regarding the deliverables and security design.
•Act as interface between SAP security, customers, stakeholders; explain and illustrate the need to balance business and security requirements.
•Act as main point of contact with IT Technical teams, develop relationship and collect input in order to develop consistent baseline security recommendations


Controls, monitoring and knowledge management

• Monitor that access designs adhere to architectural requirements, and remain aligned to agreed or documented business processes
• Lead the implementation and maintenance of the SoD. Ensure that risk analysis and provisioning (ARA, ARM) are optimal, balances requirements for functionality and security and that related automated provisioning controls operate effectively. 
• In collaboration with Financial Controls, design controls around the JTI SAP landscape to ensure service availability, transactional integrity and data confidentiality.
• Act as knowledge transfer champion by keeping customers, power users, BTS, service desk, financial controls, business and SAP security team abreast of initiatives. 
• Develop and run training packages related to SAP security with purpose of promoting information security by outlining risks and raising other stakeholders' skill set in this area. 
• Actively engage with the wider SAP and security communities to be at the leading edge of the evolution pipeline regarding SAP security


Advanced technical Support & tools
• Act as main point of contact with IT Technical teams and became the main point of contact for Security on HANA db, security systems configuration, systems connectivity (RFCs, Gateway, RFCs authorizations), SAP cloud solutions, etc.
• Design procedures and tools to automate security processes and enable for the SAP Security Operations team operate IT controls. 
• Evaluate opportunities in the IT market for novel solutions and tools for the SAP security team to increase its operating effectiveness. Bring in best practice and innovation approach from other organizations and facilitate the sharing across the SAP security function.
• Manage the SAP Vulnerability management (ERPScan) tool to identify misconfigurations or vulnerabilities in SAP Landscape, propose and coordinate the corrections needed to reduce the risk exposure.


Apply now »