Job Summary
We are seeking a seasoned cybersecurity professional to assume the role of Chief Cybersecurity Risk Manager. This position requires expertise in risk management, governance, and compliance within product lifecycle contexts.
Key Responsibilities
* Support the development and implementation of comprehensive cybersecurity governance frameworks across the organization.
* Collaborate with cross-functional teams to ensure alignment of policies, risk methodologies, and reporting structures.
* Maintain and enhance group-wide product security policies, controls, and governance processes in conjunction with central GRC functions.
* Drive transparency in product-related cyber risks through structured identification, assessment, documentation, and tracking in line with enterprise GRC frameworks.
* Coordinate security-related risk assessments, together with the GRC and Consulting units, and control maturity evaluations in product development and lifecycle activities.
* Support adherence to cybersecurity-relevant regulatory requirements, such as the EU Cyber Resilience Act, RED, NIS2, or UNECE R155/R156, in alignment with compliance and legal experts.
* Support product security audits and internal/external assessments, ensuring readiness and harmonization with overarching corporate GRC goals.
* Contribute to executive reporting, KPIs/KRIs, and management steering materials prepared by the CPSO.
Required Qualifications
* Degree in Cyber Security, Engineering, Computer Science, Risk Management, or related field.
* At least 3 years of experience in cybersecurity governance, risk, or compliance, preferably with exposure to product cybersecurity in regulated industries (e.g., machinery, automotive, aerospace).
* Practical experience working with or within enterprise GRC units (IT, OT, or Product Security), ideally in a matrix or group structure.
* Familiarity with norms and standards such as IEC 62443.
* Knowledge of regulatory frameworks affecting product cybersecurity, e.g., Cyber Resilience Act, RED, NIS2, UNECE R155/R156.
* Strong skills in stakeholder coordination and cross-functional collaboration, especially with compliance, legal, IT security, and engineering functions.
* Structured, analytical mindset with experience in risk methodology, control assessments, or audit preparation.
* Fluency in English; German is a plus.