Chaker Zaafouri

- Integrate security by design principles across all project phases, from architecture design to run operations

- Define cloud security strategies, governance models, and security processes for Move2Cloud and transformation programs

- Adapt and operationalize cloud security frameworks to customer cloud infrastructures

- Establish enterprise risk management practices, including assessment, mapping, mitigation, treatment, and acceptance

- Design and secure cloud landing zones in alignment with corporate security standards and cloud provider best practices

- Build and maintain security knowledge bases and hardening guidelines for public cloud services

- Define and implement a Zero Trust security architecture roadmap, including IAM enhancements, micro-segmentation, and continuous authentication

- Lead the validation of infrastructure and cybersecurity architectures for SAP S/4HANA deployments on Microsoft Azure and Alibaba Cloud

- Ensure security compliance of SAP workloads on Azure with corporate standards, cloud security frameworks, and Azure best practices

- Validate SAP RISE architectures against enterprise security, governance, and compliance requirements

- Ensure cloud landing zone and SAP RISE compliance with corporate security policies and regulatory standards

- Coordinate with SAP, Microsoft, system integrators, and customer teams to validate end-to-end architectures and remediation plans prior to go-live

- Define technical and functional security pre-requisites in projects on premise, private Cloud/SaaS or public Cloud Azure/GCP/Aliyun; in line with IT and information security strategies and policy framework

- Azure cloud Audit, gap assessments & Gap analysis

- Define strategy and action roadmap for gap remediation & prioritize high prioity + low complexity approch to reach quick wins

- Create & maintain Naming & Tagging convention for cloud

- Define Role Based Access Control strategy & process documentation

- Create Techical Architecture Document Template, Secret inventory, Network stream

- Define Cloud Security Policies & Cloud Backup Policies

- Produce Network Hub&Spoke, DMZ, T0, Disaster recovery patterns

- Define Infra as Code strategy

- Form, Train & manage DevSecOps team to Automate the cloud environment with CI/CD pipelines and infrastructure as a code

- Design multi-cloud Terraform modules

- Adopt "Cloud First" strategy

- Define move to cloud strategy & risk management

- Study existing technology landscape and understand current application workloads

- Understand and document technical requirements from business units & clients

- Define Migration strategy to move applications to the cloud

- Develop architecture blueprints and detailed documentation

- Create bill of materials, including required Cloud Services and tools

- Design the HA / DR strategies

- Set up process, services and tools around cloud

- Oversee building of the environment and project solution designs

- Validate the environment to meet all security and compliance controls

- Help share knowledge across the team on the various Azure, GCP & Aliyun services

- Ensure Cloud Technical Referent

- Applications Security Risk Assessment, Risk Mapping & Risk Mitigation

- HLD LLD Development & Azure Cloud Technical Architecture Document

- Development of Application Technical Architecture Document (DAT) Templates

- Drafting of architectural repositories: TAD Template, Build Sheets, Backup / restore Sheets,

- Functional Architecture Document for Project Managers, Service Catalog

- Design of Technical Solutions & Development of TAD

- Build Networks, ExpressRoute, Hub/Spoke Topology, UDR, NSG, Firewall HA, WAF, VPN Site-Site/nomad

- Backup Automation, Patchs management, Job Scheduling

- Migration of all applications from onPremise Data Centers to Azure Cloud

- Technical study for the demutualization of physical servers towards virtualization / Cloud

- Infrastructure-as-Code (Terraform/Ansible) for all SAP Environments on Azure

- Continuous Delivery Ansible for installation & configuration of all prerequisites for SAP environments (Patterns & Packages).

- SAP/Azure performance tuning

- Cloud Technical Referent in the Information System Department

- Ensure compliance with standards and compliance with the security policy

- Development of processes in the Cloud & Apps Integration Department

- Support for clients to define their needs

- Costing of new Cloud needs and cost optimization

- Azure cost optimization & Finops

- Ensures compliance with standards and the governance of Eramet Group's processes