What you'll build

In this global role, you will be a key member of SAP's cybersecurity incident response (IR) communications team, responsible for leading and coordinating communications during significant cybersecurity and data privacy incidents and major vulnerability events ("Security Events"). The IR Communications Team acts as the central point of contact for enquiries by customer and customer-facing teams throughout the lifecycle of the Security Event, ensuring that information shared to them is accurate, timely and auditable. You will be involved throughout the lifecycle of the Security Event - from initial investigation through containment, remediation, recovery and after-action reviews.

It is critical that you are able to collaborate and align across multiple internal departments including SAP's Cyber Legal, Data Protection and Privacy, Security, Product Engineering, Customer Support and other stakeholders to provide precise and effective Security Event communications in a manner that maintains customers' confidence in SAP's handling of the Security Event. Your work will help ensure continued trust in SAP during high-pressure security events.

What you'll do

• Own and manage communications for major Security Events, including crisis-level events.
• Coordinate incident notifications, status updates and escalations in line with established response processes and approved communication templates.
• Serve as the primary communications interface for customer, field and internal stakeholder enquiries related to Security Events.
• Participate in Security Event triage calls and support decision-making with clear, concise communication.
• Ensure all communications are aligned across technical, legal and business stakeholders.
• Maintain a complete, auditable record of incident communications, decisions and approvals.
• Support and lead post-incident reviews, including lessons learned and continuous improvement initiatives.
• Identify opportunities to enhance Security Event communication, notification and escalation processes.
• Operate independently while managing multiple priorities in a fast-paced, global environment.

What you bring

• • Solid experience in cybersecurity incident response, incident communications, crisis management, program/project management or related roles in a global technology enterprise environment.
  • Demonstrated ability to stay positive and perform effectively under pressure and during fast-paced, high-impact events. Self-starter, motivated, organized, attention to details would be highly valued.
  • Excellent written and verbal communication skills, including the ability to translate complex technical information for executive and non-technical audiences and draft in a legally compliant way.
  • Strong stakeholder management capabilities and experience handling escalations. Experience in or collaborating with legal, privacy, regulatory and/or compliance teams would be highly valued.
  • Solid project management and issue resolution skills, including planning, prioritization and tracking risks and issues through resolution.
  • High degree of discretion and professionalism when handling legally sensitive and confidential information, in line with Legal's guidance.
  • Comfortable working in a virtual, globally distributed organization across multiple time zones.
  • Knowledge of cybersecurity, data protection, regulatory compliance concepts and workflows. In particular, familiarity with established security and risk management frameworks and regulations such as ISO27001, SOC2, NIST CSF, EU GDPR, EU DORA would be valued.
  • Experience working with cloud-based service delivery models.
  • Experience with enterprise collaboration or ticketing tools such as Jira, MS Sharepoint, MS Power BI, MS Power Automate, ServiceNow would be a plus.
  • Bachelor's degree (or higher degree) in Cybersecurity, Information Security, Law, Communications or related discipline preferred; industry certifications such as CISA, CISSP, CCSP, CISM, IAPP CIPPE would be a plus.

Where you belong

This senior role is integral to our team, and we look forward to welcoming a dedicated professional who will support us in building up the Cybersecurity IR Communications team within CISA. CISA sits within the SGSC Customer Office, which is the broader team that "faces" SAP customers and customer-facing teams. We are a team of highly motivated security and compliance professionals that thrive on delivering positive outcomes for SAP. We are uniquely positioned at the crossroads of multiple domains, including customer communications, contract negotiations and security compliance.

If you are a self-starter keen on making a real difference and have the relevant experience and skills, then this is the position for you!

SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP's commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 140000 - 190000 CAD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount, and any actual payout amount is dependent on company and personal performance. A summary of benefits and eligibility requirements can be found by clicking this link: www.SAPNorthAmericaBenefits.com.

Due to the nature of the role, which involves global interactions with SAP entities, as well as with employees and stakeholders in Canada, functional proficiency in English is required for positions based in the Quebec.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.

Requisition ID: 454238 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid

Requisition ID: 454238

Posted Date: May 26, 2026

Work Area: Information Technology

Career Status: Professional

Employment Type: Regular Full Time

Expected Travel: 0 - 10%

Location: