- Understand the access model and brings security awareness to the product teams on applicable standards/policies; make recommendations for improvements to existing tools and solutions to keep up with the standards.
- Responsible for oversight and governance for identity and access management (IAM), including role creation and modification, user creation and assignment with Central User Administration (CUA) and assignment of Structural Authorizations
- Work with business and project teams to govern SAP/middleware access requests and related issues by following the standardized processes and procedures
- Assist in resolving issues related to roles & authorization, and in implementing a testing strategy for credentials management, code quality, vulnerability assessment, secrets management, and other roles & authorization related development.
- Provide support regarding safe code migrations (Transport) in all Cloud environments for SAP applications and/or middleware platform.
- Performing risk assessments, threat modeling and security architecture reviews, and prepare and maintain security related documents as and when required.
- 7+ years progressive experience in the IT Security field.
- In-depth knowledge of entitlements and access control the various protocols for tracking records such as LDAP
- Strong SaaS/Application/Network security knowledge and experience. Extensive experience and knowledge in as many as possible of the following areas: Application security, SAP and non-SAP applications Middleware Management Data Security Identity and access management - AWS Cloud, Okta, OpenID, OAuth, SAML, 2FA Cloud computing, Cloud Network Services and Software-defined networking (SDN) Cyber Security and Cyber Investigation
- Network layer technologies – FWs (Juniper, Checkpoint or similar), EDR fundamentals, VPN technologies, DNS
- SCA and SAST tools – OWASP Dependency-Check, OWASP Dependency-Track, Snyk, Veracode, SonarQube or similar
- Experience in Disaster Recovery
- Experience in Test and Evaluation
- Experience in Risk Management
- Experience in designing and configuring SAP security solutions such as GRC Access Control, Identity Access Governance, GRC Process Control, SAP Enterprise Threat Detection and Onapsis
- Ability to foresee IT risks and implications on SAP ERP programs, with the ability to identify weaknesses and recommend solutions to senior stakeholders
- Expertise in threat modeling frameworks
- OWASP Top 10, STRIDE, MITRE ATT&CK framework or similar
- NIST SP Risk Management Framework
- Security GRC – MetricStream or similar
- Leadership skills, experience working with various stakeholders
- Experience using Jira for Agile software development, and deliver methodology
- Academic : University degree in engineering, computer science, business, or equivalent (Required)
- Certifications: CISSP, CISA, or CISM
- Working with a modern technology stack in a team that values innovative ideas to enhance our process
- A diverse and inclusive team environment that is friendly to family commitments.
- Options to arrange either a full-time-remote or in-office workspace with your manager.
- Your choice of a Mac or Windows development environment.
- Make a difference in the lives of hundreds of thousands of Canadians per day who use Purolator's services.
IT Security Analyst - Mississauga, Canada - Purolator Inc
Description
Job Description
:Reporting to the Director IT Operations & Governance, the IT Security Analyst is responsible for governing all security aspects in the IT solutions in SAP applications and/or in the middleware areas, ensuring compliance to security guidelines set by Innovapost Security COE, compliance to security auditing requirements, and following industrial best practices.
The security specialist is to work closely with other practice leads and the product teams to promote DevSecOps practices. The successful candidate will be driving implementation and adoption of security practices for the product lifecycle of the Business Solution Delivery (BSD) group from Architecture to Design, Test, Deployment and operations.
The security architect is connected to Security COE and is responsible to produce any security assessment or audit report required by Security COE.
What will you be responsible for?
What does it take for this role to be yours?
Additional skills that set you apart
Education and certification
What We Offer
Purolator is one of Canada's best employers (), offering an industry leading total compensation, and a professional, satisfying work environment.