Job Description
Position overview
The Information Security Manager is responsible for establishing, coordinating, and maintaining all information security–related activities within the division. The role ensures compliance with relevant security standards and regulatory requirements (NIS2, ISO/IEC 27001, Cyber Resilience Act), supports secure processes across IT, OT, and product environments, and aligns divisional practices with Group Security Strategy. The position acts as the divisional subject‑matter expert and single point of contact for security, operating independently and cross‑functionally.
Your Responsibilities
1. Information Security Management: Define and maintain division‑specific security policies, standards, and procedures; perform risk assessments; manage the security risk register; and support correct information classification and protection
2. Regulatory Compliance (NIS2 / ISO 27001 / CRA): Lead divisional readiness for NIS2 and ISO/IEC 27001, coordinate audits and documentation, and support product‑related cybersecurity requirements in line with the Cyber Resilience Act; maintain a regulatory dotted‑line reporting relationship to the EVP to ensure transparency and escalation on compliance‑relevant matters
3. Security Operations & Incident Handling: Serve as divisional coordinator for security incidents and align with Group processes, including vulnerability management and remediation tracking
4. Supplier & Third‑Party Security: Conduct supplier security assessments, ensure contractual requirements are met, and follow up on deviations and corrective actions
5. Awareness & Training: Coordinate mandatory security awareness activities and enable role‑based security competence across relevant teams
6. Project & Product Security Support: Advise ISM, R&D, Operations, and other functions on necessary security requirements, ensuring their integration into projects, products, systems, and processes
7. Governance, Process Oversight & Reporting: Define, monitor, and continuously improve security‑relevant governance and compliance processes; act as senior escalation authority for internal and external audits; prepare regular reports on security status, risks, and KPIs for divisional management; and ensure close alignment with Group Security and other divisions
Qualifications
Your Profile
1. University degree in Information Security, Computer Science or comparable qualification
2. Several years of experience in information security, cybersecurity, or risk management
3. Experience with ISO/IEC 27001, NIS2 implementation, incident response, and supplier/security governance
4. Experience in industrial or product‑oriented environments (IT/OT) is an advantage
5. Strong communication and facilitation skills paired with a structured, independent working style
6. Able to operate independently and reliably as a “one‑person function” while coordinating cross‑functional stakeholders
7. Strong communication skills with the ability to translate complex security topics into actionable guidance
8. High degree of integrity, confidentiality, and resilience
9. Very good English skills; German is beneficial
Additional Information
What will you get in return for all the great things you bring to the table?
1. 30 days of annual leave
2. Subsidized company pension plan
3. Subsidized group accident insurance
4. Hybrid working model
5. Flexible working hours
6. Opportunity to purchase TOMRA shares at a discounted rate
7. Employee discounts for various online shops via Corporate Benefits
8. Company (e-)bike leasing
9. Subsidy for gym memberships
10. Employee Resource Groups (ERGs) for Women, LGBTQ, and Roots
11. Health management programs
12. On-site canteen and parking garage
Does this sound like the right opportunity for you?
Please send your CV, a few words about yourself, and your motivation for this position and joining TOMRA in the "Message to manager" field.
*Tomra does not differentiate on the basis of gender, race or ethnicity, religion, color, sexual orientation or identity, disability, age and other protected statuses as given by applicable law. We are committed to creating a diverse and inclusive environment and are proud to be an equal opportunity employer.