ES Cybersecurity Architect

Recruitment Advisor – Western Canada at Raise Pay Rate: $185/hour, depending on experience Contract Length: 1 Year Location: Calgary, Alberta (remote candidates considered) Base Pay Range: CA$136.03/yr – CA$156.78/yr We are hiring an ES Cybersecurity Architect for a leading energy infrastructure company that operates across Canada, the United States, and Mexico. This is a unique opportunity to work with an industry leader and play a pivotal role in secure technology solutions. Description The ES Cybersecurity Architect will be embedded within the SAP project organization and the broader organization. The role bridges the company’s business strategy and secure technology solutions by crafting robust cybersecurity architectures and designing a transformation roadmap at the solution and enterprise level to ensure secure adoption of Cloud-based architecture. The architect is a trusted advisor ensuring cybersecurity is embedded within SAP-based Enterprise Architectures. Key Outcomes A robust security architecture covering identity management, application security, data protection, cloud infrastructure, zero‑trust, and compliance, enabling the S/4HANA implementation to proceed with minimized risk and aligned with industry best practices (e.g., NIST CSF, ISO 27001). The architect’s work will prevent common risks of ERP cloud migrations by proactive design and oversight. Responsibilities Develop Security reference architectures & patterns: Design comprehensive cyber security architecture for the S/4HANA landscape, including ERP, databases, interfaces, cloud infrastructure, and SAP BTP components. Provide clear diagrams of trust boundaries. Embed Secure‑By‑Design in the Program: Work with SAP project teams from planning onward to embed security into solution designs. Review project designs and ensure they follow secure‑by‑design principles. Collaborate with GRC and audit teams to ensure that implemented architectures satisfy frameworks such as SOX, TSA pipeline security directives, and FERC standards. Integrate S/4HANA and SAP Fiori with corporate Single Sign‑On solutions using SAML 2.0 and/or OpenID Connect, leveraging IdP platforms like Okta or Azure AD. Design and implement Privileged Access Management (PAM) controls for SAP administrative accounts, ensuring time‑bound, monitored, and least‑privilege access. Data Protection: Develop and enforce policies for data encryption and key management. Ensure that all sensitive data in the S/4HANA landscape is encrypted at rest and in transit using AES‑256 and TLS 1.2+. Coordinate with cloud providers and SAP Basis teams on a secure Key Management System (KMS) or key vault, managing encryption keys with proper segregation of duties and rotation policies. Cloud Security Architecture: Work with enterprise cloud architects to secure the RISE Private Cloud environment. Create cloud security reference architectures, review VPC/VNet designs, and ensure adequate network segmentation and firewalls. Coordinate identity and access between SAP cloud and corporate cloud environments, integrating SAP’s IAS/IPS with corporate directories. SAP BTP Security: Guide secure use of SAP Business Technology Platform services. Create end‑to‑end BTP security reference architecture; ensure secure development guidelines and identity integration. Application & Interface Security: Establish a Secure Software Development Life Cycle (SDLC) for any SAP custom development. Define security requirements for interfaces between SAP and other systems. Logging, Monitoring & Incident Response: Design and implement centralized logging for SAP systems, develop incident response plans, and support periodic access reviews and audit compliance. Qualifications Enterprise Security Architecture Experience: 5+ years in IT security, with at least 3 years in a security architecture role. Proven strategy and blue‑print design experience. Translate high‑level security frameworks (NIST CSF, ISO 27001, etc.) into specific architecture decisions. Expert diagramming and modeling skills. Demonstrated track record as a security architect, having delivered complex enterprise solutions. Knowledge of industry controls and key regulatory bodies (e.g., CER, TSA, FERC, SOX). Experience with security assessments, penetration testing methodologies, and threat modeling. Experience in Zero Trust Architecture (ZTA), Identity and Access Management (IAM), encryption, and data protection. Knowledge of Cloud security, hosted services security, SaaS/PaaS security models, and cloud‑based security frameworks. Cloud Security Knowledge: Securing solutions on Azure and AWS, including VPC/VNet, subnetting, NACLs, security groups, and VPN/ExpressRoute connectivity. Understanding of cloud native security services such as AWS Security Hub, Azure Security Center, and key vaults. Hands‑on experience with SSO/Federation protocols (SAML 2.0, OAuth 2.0/OIDC) and MFA implementations. Familiarity with Privileged Access Management tools (e.g., CyberArk, BeyondTrust). Education and Skills Bachelor’s degree in Computer Science or related field. Security certifications such as CISSP, CISM, CCSP, Azure Security Engineer, or AWS Security Specialty are highly desirable. Looking for meaningful work? We can help Raise is an established hiring firm with over 65 years of experience. We are a certified B Corporation and donate 10% of our profits to charity. We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/non‑visible disabilities. We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/ In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting, please contact us at +1 800-567‑9675 or hello@raiserecruiting.com. Seniority level: Mid‑Senior level Employment type: Contract Job function: Engineering and Information Technology Industries: Staffing and Recruiting #J-18808-Ljbffr