SPM BISO

About The Position

Requirements

• 10+ years of experience in information security, cybersecurity, or related technical domains, ideally within enterprise software or cloud environments
• Proven track record in security leadership, governance, or program management roles, with ownership of security posture across a product, platform, or business unit
• Strong familiarity with enterprise security frameworks (e.g., ISO 27001, NIST, SOC2) and experience driving compliance and risk management initiatives
• Experience working within or alongside centralized security organizations (e.g., SGS or equivalent), with the ability to navigate complex, matrixed environments
• Prior experience working in a global enterprise organization is strongly preferred
• Deep understanding of application security, cloud security, and secure software development practices
• Hands-on experience with vulnerability management, risk assessment, and remediation strategies
• Strong knowledge of security architecture, threat modeling, and incident response processes
• Familiarity with enterprise SaaS environments, distributed systems, and cloud platforms (e.g., AWS, Azure, GCP)
• Ability to interpret and operationalize security policies, standards, and controls within a business context
• Demonstrated ability to lead through influence across global, cross-functional teams without direct authority
• High level of emotional intelligence (EQ) with strong stakeholder management and communication skills
• Proven ability to translate complex security requirements into actionable business outcomes
• Strong decision-making capability, with the ability to balance risk and business priorities
• Experience enabling and developing high-performing teams or security communities of practice

Nice To Haves

• Experience acting as a bridge between security teams and business stakeholders
• Background in product security within SaaS or enterprise application environments
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field (or equivalent experience)

Responsibilities

• Drive the adoption and consumption of central security services delivered by SGSC, while supporting the execution of SAP’s security strategy, standards, and roadmap
• Ensure and oversee the inventory and classification of systems, implementation of security controls, and ongoing risk analysis and remediation of vulnerabilities
• Own and coordinate incident response activities, including decision-making authority and escalation as needed
• Lead and empower security professionals within the LoB, acting as a multiplier and center of excellence to drive security awareness and compliance
• Serve as a key stakeholder in the product release process, with authority to block releases in cases of non-compliance or security risk
• Partner closely with LoB leadership, SGS, and central SAP teams to ensure alignment on security requirements and execution
• Provide feedback and recommendations to enhance and evolve SAP’s overall security practices
• Ensure proper escalation and reporting of security incidents in line with SAP policies and procedures

Benefits

• Constant learning
• skill growth
• great benefits
• team that wants you to grow and succeed
• SAP North America Benefits