Principal SAP Security Control Architect
Mumbai, IN, 400076
LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company’s products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit www.lyondellbasell.com or follow @LyondellBasell on LinkedIn.
Basic Function
As a Principal SAP Security IT Architect, you are responsible for driving best practices around risk, controls and remediation and for defining a strategy that supports the company’s overall strategy and the SAP roadmap. This role is critical to ensuring the effective functioning and compliance of SAP systems within LYB. It leads the design, implementation, and governance of SAP security solutions, with a focus on Identity and Access Management (IAM) and SAP GRC (Governance, Risk, and Compliance). The position involves developing and implementing strategies to identify, assess, and remediate controls-related issues within SAP environments. It drives security efficiencies and ensures that technical governance is based on sound architectural principles and correctly documented. The position works closely with other IT functional and technical Architects, the IT Leadership Team, Cyber Security, Internal Controls, Internal Audits and Product teams. Candidates with a strong background in SAP systems, controls, and compliance, coupled with excellent communication and analytical skills, are well-suited for this position.
Roles & Responsibilities
A Principal SAP Security Architect is responsible for ensuring the security of a company's SAP systems. They develop and implement security policies and procedures, conduct security assessments, and perform audits to identify vulnerabilities and risks. They also design SAP Application Security models (Access control and Process control), manage business workshops for requirement gathering, and convert business requirements into technical design/authorization matrix and documentation.
SAP Security Architecture & Design:
- Design and implement robust SAP security frameworks for various SAP modules, including S/4HANA, ECC, BW, Fiori, and SAP Cloud solutions.
- Develop and enforce role-based access controls (RBAC), segregation of duties (SoD), and security guidelines for SAP landscapes.
- Ensure the integration of SAP security with enterprise IAM platforms.
Governance, Risk, and Compliance (GRC):
- Implement and optimize SAP GRC Access Control for user provisioning, risk analysis, and role management.
- Conduct SoD analysis and remediation across SAP environments.
- Ensure compliance with regulatory requirements, such as GDPR, SOX, and other industry standards.
Identity and Access Management (IAM):
- Integrate SAP systems with enterprise IAM platforms for single sign-on (SSO), multi-factor authentication (MFA), and identity lifecycle management.
- Develop strategies for managing privileged access and audit trails in SAP systems.
- Collaborate with IAM teams to define secure access workflows and policies.
- Continuously conducting comprehensive assessments of existing controls frameworks, policies, and procedures within SAP systems to identify weaknesses, gaps, and areas of non-compliance.
- Designing and implementing remediation plans to address identified control deficiencies, ensuring alignment with industry best practices, regulatory requirements, and organizational objectives.
- Collaborating with other LYB IT architects and IT CoE and Product teams to design and implement technical solutions that enhance control mechanisms within SAP landscapes, including configuration changes, system upgrades, and integration with third-party tools.
- Collaborating with internal audit and business stakeholders to understand control requirements and risk assessments.
- Regularly document and communicate control remediation activities and their impact on business processes.
- Staying up-to-date on the latest SAP security threats and vulnerabilities.
- Keep up to date on industry architectural standards and trends
- Establishing security controls to ensure protection of LYB systems.
- Creating documents such as System Security Plan (SSP), Security Assessment Report (SAR), Contingency Planning, Incident Response Plan, Technical Risk Assessments (TRA), Plans of Actions and Milestones (POA&Ms)
Min. Qualifications
- Bachelor’s degree or higher in information technology, Computer Science or a related discipline
- 15 years of professional experience in SAP security, controls and remediation.
- Minimum of 5 years of experience in SAP security and controls.
- Proven experience in identifying, analyzing, and remediating SAP control deficiencies.
- In-depth understanding of SAP security concepts, including authorization, segregation of duties, and user access management.
- Experience with GRC tools such as SAP GRC AC or similar solutions.
- Strong understanding of SAP modules (e.g., FI/CO, MM, SD) and associated controls frameworks (e.g., SAP GRC).
- Knowledge of relevant compliance regulations (e.g., SOX, GDPR).
- Strong understanding of data privacy and security best practices is a plus.
- Demonstrated problem solving, multi-tasking, troubleshooting skills with a high degree of flexibility
- Experience in Software Development Life Cycle (SDLC) / Agile development / DevOps
- Strong analytical skills with the ability to understand key business processes and related issues
- Strong self-leadership and ability to work independently and manage conflict
- Demonstrated competency in accurately identifying the scope of work and preparing thorough, accurate and detailed schedule estimates.
- Non-functional requirements gathering and solutioning experience
- Ability to develop successful relationships with external and internal partners
- Possessing experience leading end SAP Security implementations and controls integration projects.
- Good understanding of SAP systems such as ECC, S/4, Ariba, SuccessFactors and Non-SAP systems such as Salesforce, OneStream.
Preferred Qualifications
Must demonstrate strong skills in the following areas:
- Candidate must have excellent collaboration skills and a proven ability to cultivate innovation, drive results and instill trust and integrity
- Candidate will be able to work independently, be self-driven and also deliver through others when necessary
- Teamwork – Effectively work as part of a team in large Enterprise systems and possess strong interpersonal/communication skills
- Communications – Documents and presents complex technical subjects; can present to project leadership and business stakeholders
- Technical Learning – Strong technical breadth and depth, and consistently researches new technologies and industry trends
- Problem Solving – Leads complex root cause analysis activities and problem solving teams; demonstrates proactive problem management capabilities
- Soft skills - develop relationships across the organization and build trusted relationships to deliver great results together with the key stakeholders
Competencies
We are LyondellBasell – a leader in the global chemical industry creating solutions for everyday sustainable living. Through advanced technology and focused investments, we are enabling a circular and low carbon economy. Across all we do, we aim to champion our employees, and unlock value for customers, investors and society. LyondellBasell places high priority on diversity, equity and inclusion and is strongly committed to our planet, the communities where we operate and our future workforce. As one of the world’s largest producers of polymers and a leader in polyolefin technologies, we develop, manufacture and market high-quality and innovative products for applications ranging from sustainable transportation and food safety to clean water and quality healthcare. For more information, please visit www.lyondellbasell.com or follow @LyondellBasell on LinkedIn.
Must be at least 18 years of age and must be legally authorized to work in the United States (US) on a permanent basis without visa sponsorship.
LyondellBasell does not accept or retain unsolicited résumés or phone calls and/or respond to them or to any third party representing job seekers.
LyondellBasell is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, veteran status, and other protected characteristics. The US EEO is the Law poster is available here.