Über
Automatic notification to your current manager will be initiated upon selection for interview. This applies to all current P or M level candidates.
Relocation Assistance Eligible: No
Referral Payout Eligible: Yes
Continue growing with our family.
Our team members make it happen. If you want to continue to grow in a new role internally and see a position that looks right for you, we encourage you to apply!
Thanks for your commitment to Tyson Foods.
Management Level: P4
Job Description
The SAP Security & Platform Security Engineer is an experienced SAP and Workday security professional with deep expertise in SAP GRC, Workday security configuration, Emergency Access/Firefighter processes, and cross application Segregation of Duties and privileged access controls. This role is responsible for architecting secure integrations for SAP's Joule AI capabilities and promoting Responsible AI and privacy by design principles. The engineer partners closely with IT, HRIS, Audit, Compliance, and business stakeholders to align SAP and Workday security with the enterprise Privileged Access Management (PAM) program, ensuring secure, compliant, and efficient access across the organization.
Essential Duties and Responsibilities
• Lead the redesign and governance of SAP Emergency Access Management (Firefighter), including policy development, workflow design, automated logging and auditing, and stakeholder training.
• Architect secure end-to-end SAP security for Business AI/Joule, integrating IAS/IPS, SCIM/IPS provisioning, Global User ID strategy, OIDC authentication, and user bound principal propagation.
• Implement core AI security controls aligned with Responsible AI principles; including authentication, authorization, encryption, masking, content filtering, and RAG processes.
• Establish a unified cross application Segregation of Duties (SoD) framework across SAP, Workday, and other enterprise systems, defining risks, rulesets, and mitigating controls.
• Lead SoD and access risk remediation efforts by refining user access, adjusting roles, and coordinating with audit and compliance teams to meet SOX, GDPR, and regulatory requirements.
• Integrate SAP and Workday privileged access requirements into the enterprise PAM framework and define standardized workflows for request, approval, usage, and revocation of elevated access.
• Lead Workday security architecture, including security groups, domain policies, role hierarchies, permission models, and consistent least privilege design.
• Oversee enterprise access governance, including periodic access reviews, JML processes, and certification cycles to prevent entitlement creep.
• Act as the primary liaison across IT Security, HRIS, Audit, Compliance, and business stakeholders to ensure alignment of SAP and Workday security with PAM, SoD, and enterprise IAM strategies.
• Conduct audits, risk assessments, and remediation planning while delivering clear reporting, training, and communication to stakeholders. Outcomes
• A modern, policy driven SAP Emergency Access program that ensures controlled, traceable, and audit ready emergency access while reducing misuse and backlog.
• Secure, identity consistent AI enablement for Joule, ensuring AI actions operate strictly within user authorized privileges and comply with Responsible AI requirements.
• A unified SoD framework that provides enterprise-wide visibility into access risks, minimizes cross process conflicts, and improves audit readiness.
• Reduced privileged access risk through standardized PAM workflows, centralized oversight, and integrated logging across SAP and Workday.
• A resilient Workday security architecture with well-structured roles, controlled permissions, and documentation aligned with audit and compliance expectations.
• A strengthened compliance posture with faster remediation, fewer audit findings, and alignment with SOX, GDPR, and enterprise security standards.
• Improved lifecycle access governance that prevents entitlement creep and ensures least privilege access across all business areas.
• More effective cross functional collaboration, resulting in consistent controls, clear ownership, and greater confidence from leadership and audit stakeholders.
Qualifications
• SAP Security & GRC Expertise: 5-10+ years designing SAP roles and authorizations, managing GRC Access Control, and leading Firefighter, SoD analysis, and access risk remediation in S/4HANA and Fiori.
• Workday Security Experience: 3-5+ years configuring Workday's role-based security model, including domain policies, security groups, hierarchies, granular permissions, and SoD controls.
• Privileged Access & Identity Management: Experience designing and operating PAM/EAM workflows, enforcing least privilege access, and supporting audit, monitoring, and compliance processes.
• Cross Application SoD & Governance: Ability to define and manage SoD rulesets across SAP and Workday using platforms such as SAP IAG for unified risk visibility and mitigation.
• AI & SAP Security Architecture: Understanding of SAP Business AI/Joule, IAS/IPS, SCIM provisioning, OIDC authentication, principal propagation, and AI security controls aligned with Responsible AI principles.
• Education & Certifications: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field; certifications such as CISSP, CISM, CISA, SAP Security/GRC, or Workday Security preferred.
• Leadership & Communication: Strong ability to lead cross functional security initiatives and communicate complex IAM and AI security concepts to technical teams, business partners, auditors, and senior leadership.
Special Skills
• SAP security design and GRC expertise
• SoD analysis and cross application ruleset creation
• SAP S/4HANA, Ariba, Concur, Fieldglass authorization knowledge
• Workday security configuration and permission modeling
• Workday hierarchies, security groups, and SoD controls
• Privileged access management (PAM/EAM) operations
• Emergency access workflows, logging, and auditing
• SIEM and GRC platform integration
• Identity federation (OIDC, SAML, OAuth 2.0)
• SCIM/IPS based identity synchronization
• AI security (encryption, masking, content filtering)
• Responsible AI governance
• JML governance and access certification
• Risk mitigation and compensating controls
• IAM roadmap and program planning
Soft Skills
• Cross functional leadership
• Clear communication of complex security concepts
• Strong collaboration with HR, IT, audit, and compliance teams
• Analytical problem solving
• Change management and process adoption
• Leadership for large security initiatives
• Team mentoring and capability development
• Security awareness advocacy
** Not eligible for visa sponsorship now or in the future **
Work Shift: 1ST SHIFT (United States of America)
Tyson is an Equal Opportunity Employer. All qualified applicants will be considered without regard to race, national origin, color, religion, age, genetics, sex, sexual orientation, gender identity, disability or veteran status.
We provide our team members and their families with paid time off; 401(k) plans; affordable health, life, dental, vision and prescription drug benefits; and more.
CCPA Notice. If you are a California resident, and would like to learn more about what categories of personal information we collect when you apply for this job, and how we may use that information, please read our CCPA Job Applicant Notice at Collection, click here.
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.