As a seasoned security professional, you will play a pivotal role in safeguarding our products against cyber threats.
About the Role:
* Collaborate with our Corporate Product Security Officer to develop and implement robust product cybersecurity governance, risk management, and compliance strategies.
* Act as a liaison between product cybersecurity teams and central GRC functions to ensure alignment of policies, risk methodologies, and reporting structures.
* Maintain and enhance group-wide product security policies, controls, and governance processes in collaboration with central GRC units.
* Drive risk transparency for product-related cyber risks through structured identification, assessment, documentation, and tracking in line with enterprise GRC frameworks.
* Coordinate security-related risk assessments with GRC and Consulting units, and control maturity evaluations in product development and lifecycle activities.
* Support conformity with cybersecurity-relevant regulatory requirements, such as the EU Cyber Resilience Act, RED, NIS2, or UNECE R155/R156, in alignment with compliance and legal experts.
* Support product security audits and internal/external assessments, ensuring readiness and harmonization with overarching corporate GRC goals.
* Contribute to executive reporting, KPIs/KRIs, and management steering materials prepared by the CPSO.
* Represent product cybersecurity topics in internal working groups, projects, and compliance forums, where cross-functional GRC alignment is required.
Your Qualifications:
* Degree in Cyber Security, Engineering, Computer Science, Risk Management, or related field.
* 3+ years of experience in cyber security governance, risk, or compliance, ideally with exposure to product cyber security in regulated industries (e.g., machinery, automotive, aerospace).
* Practical experience working with or within enterprise GRC units (IT, OT, or Product Security), ideally in a matrix or group structure.
* Familiarity with norms and standards such as IEC 62443.
* Knowledge of regulatory frameworks affecting product cyber security, e.g., Cyber Resilience Act, RED, NIS2, UNECE R155/R156.
* Strong skills in stakeholder coordination and cross-functional collaboration, especially with compliance, legal, IT security, and engineering functions.
* Structured, analytical mindset with experience in risk methodology, control assessments, or audit preparation.
* Fluent in English; German is a plus.
About Us:
* We offer a secure job with a unique variety of tasks.
* You'll have exciting development opportunities and attractive remuneration and social benefits.
* We provide flexible and hybrid working, freedom for creative work, company pension scheme, crisis-proof workplace, individual development and training opportunities, employee benefits & discounts, bicycle leasing through salary conversion, healthy & regional catering in the company restaurant, company health management programme, and EGYM Wellpass.