You come from a law background. How did this transform into the role you have today?
That’s right, with a special emphasis on finance & tax law. During my studies, I gained a lot of practical experience, for example at Ernst & Young, other medium-sized companies, at the local court, and the local tax office. I wanted to expand my horizons as much as possible, which is why I decided to also pursue a master’s in business management. Fortunately, I was able to complete my full-time studies through distance learning which allowed me to apply for a working student position at SAP. I was born and raised in Walldorf, so of course, if you have such a big company in front of your house, you naturally have this dream to work there!
And is this where the interest in security governance first began?
Actually it was much early than this. I have been practicing martial arts (Jiu-Jitsu) for many years and have had a lot of contact with other sports colleagues during my active competitive sports phase, most of whom work for the Bundeswehr (the German military.) I originally wanted to join the Bundeswehr myself, as the topic of national security in the global political arena has interested me for a very long time. However, since the training and deployment times could not be combined with my sports career with the German National Team (I was practicing 30-35 hours a week), I decided to further my studies. In the end, I am very grateful to have ended up exactly where I was always meant to be.
Do you still practice Jiu-Jitsu today?
I do but right now just as a trainer. I'm currently pregnant for the second time, so I'm a little bit handicapped to practice on my own. As a trainer, it is still the perfect sport for me and it’s a great way to just power yourself off to maintain that work/life balance – I can take out the day’s stresses in the gym and have a lot of fun on the tatami mat!
Could you describe in 100 words what your role at SAP entails?
My official role is deputy of SAP’s Group Secrecy Office for SAP SE in Walldorf and SAP Deutschland SE & Co. KG (SAP’s German daughter) – I lead the German National Security Walldorf team and all processes of security clearance related aspects for SAP in Germany. I also take care of regulatory required maintenance processes for secure facilities in Walldorf, Germany, including alignment with all internal stakeholders. I raise awareness and educate senior and local management on handling of government security information. My team supports our global customers in sensitive industries (e.g., defense & security, public sector, utilities, and aerospace) and with national security interests.
The SAP GS2 Mission Statement:
We support governments and nation states to protect their most vital assets. We ensure fulfillment of national security requirements as well as compliance with critical infrastructure and telecommunications regulations at SAP. We enable business in heavily regulated markets worldwide.
How long has the security governance department been around at SAP?
I would say it all began with the official public law contract in 2003, when SAP SE, with their entity SAP Deutschland SE & Co. KG, applied for the official German federal secrecy program. This was the first step that allowed SAP to go for contracts with customers of these highly regulated markets because you are not legally allowed to without this invitation. For this reason, the department officially began in 2003, but, between 2003 and 2015, it was just a one man show. Today, we have expanded significantly.
Why is the topic of security governance more relevant today than ever before?
The topic has been incredibly important in previous years and decades, but, of course, it is dependent on the news and the ever-changing global political situation. SAP always accompanies its customers intensively and, as a globally active player, must be in tune with the times. Naturally security is constantly important, no matter in what context you think of it. For example, imagine your own house, do you lock the door or not, in which city are you located? In which country? Are you afraid if you walk alone to your car and if it's dark or not? Security is everywhere and is imperative all the time. The whole topic is very important to us and for our customers, especially in the public sector.
Can you give any examples of the types of clients you work with?
We support our global customers in sensitive industries as mentioned above. With our official customers, here we are talking not about intellectual property of the company, but about state secrets and this could be very hurtful if they get lost or if there's a data leak or something worse. So this could be combined with a lot of, not only legal consequences, but also consequences for the whole country at the end.
Without breaking any confidentiality agreements, can you tell us what a typical workday looks like for you?
It's very difficult to say because it’s constantly changing depending on the day-to-day tasks. There is of course the typical administrative work, but projects also determine our week. We accompany our customers right from the initial contract negotiations through to invoicing and service provision. We also work a lot on site. We communicate SAP internally, externally with customers, and with our supervisory authority, the Federal Ministry for Economics and Climate Action. It’s quite flexible in this sense, and the projects you end up working on are very tailored to your talents and passions.
How diverse is the security governance field in your opinion?
The sector is predominantly characterized by guidelines and, therefore, often associated with fixed, entrenched structures – also regarding diversity. However, in my opinion, SAP has managed to bridge the gap very well between this static sector and modern working life, which is why I believe that our department in particular has internalized the issue and is constantly growing in this sense.
The most important thing in any job is that you have a passion for your work.
Your advice for those interested in a career in security governance?
The most important thing in any job is that you have a passion for your work. A job in security governance often combines classic administration with agile and high qualitative project management – very different ways of working, but at best, one should prefer a mixture of both. If you stay open-minded, you can then pursue your goals and receive the best possible support. You should also enjoy a fast-paced environment and be flexible. In a field like security governance, you always have to be one step ahead. The right skill set is of course important, but again that passion is imperative!