The role of Cyber Security Manager is a critical part of our organization's commitment to safeguarding our products and systems from cyber threats. As a Cyber Security Manager, you will support the implementation and continuous improvement of product cyber security governance, risk management, and compliance activities across the product lifecycle.
You will act as liaison between the product cyber security organization and the central GRC functions, ensuring alignment of policies, risk methodology, and reporting structures.
Maintain and further develop group-wide product security policies, controls, and governance processes in collaboration with the central GRC unit.
Drive risk transparency for product-related cyber risks through structured identification, assessment, documentation, and tracking in line with enterprise GRC frameworks.
* Coordinate security-related risk assessments together with GRC- and Consulting unit, and control maturity evaluations in product development and lifecycle activities.
* Support conformity with cybersecurity-relevant regulatory requirements, such as the EU Cyber Resilience Act, RED, NIS2, or UNECE R155/R156, in alignment with compliance and legal experts.
* Support product security audits and internal/external assessments, ensuring readiness and harmonization with overarching corporate GRC goals.
You will contribute to executive reporting, KPIs/KRIs and management steering materials prepared by the CPSO.
Represent product cybersecurity topics in internal working groups, projects and compliance forums, where cross-functional GRC alignment is required.
To be successful in this role, you should have a degree in Cyber Security, Engineering, Computer Science, Risk Management or related field. You should also have 3+ years of experience in cyber security governance, risk, or compliance, ideally with exposure to product cyber security in regulated industries.
Familiarity with norms and standards, like IEC 62443, is essential. Knowledge of regulatory frameworks affecting product cyber security, e.g. Cyber Resilience Act, RED, NIS2, UNECE R155/R156 is also necessary.
A strong analytical mindset with experience in risk methodology, control assessments, or audit preparation is crucial.