Information Security Risk Manager (f / m / d)
Purpose of Position
To lead and mature Awin's global Information Security Risk Management capability by ensuring the business understands, owns, and appropriately mitigates its information security risks. This role drives structured risk identification, assessment, and reporting processes, ensuring alignment with international frameworks and regulatory requirements. Acting as a senior advisor to the organisation and the board, the role ensures risk appetite is defined, monitored, and communicated, while highlighting control weaknesses and driving accountability for effective risk treatment across the enterprise.
Core Responsibilities
Own, develop, and continuously improve Awin's global information security risk management framework, ensuring alignment with ISO 27001 and regulatory requirements.
Lead enterprise-level risk identification and assessment processes, covering strategic initiatives, projects, technologies, and third-party engagements.
Ensure risks are prioritised and quantified in business terms (e.g., impact on revenue, reputation, compliance), enabling clear decision-making.
Work with executive leadership and the board to define, review, and communicate the organisation's risk appetite and tolerance levels.
Provide clear and actionable risk insights to governance committees, senior management, and the board.
Monitor the effectiveness of internal controls and highlight deficiencies or failures that expose the business to risk.
Recommend and track remediation or compensating controls, ensuring accountability across risk owners.
Own the Information Security Risk Registers, ensuring risks are accurately recorded, updated, and tracked to closure.
Facilitate regular reviews with risk owners to validate status, treatment plans, and residual risk.
Embed risk management practices into strategic and operational decision-making, ensuring risks are considered early in the business lifecycle.
Act as the bridge between technical teams, business stakeholders, and governance bodies to ensure risks are clearly articulated and understood.
Stay informed on regulatory changes, emerging threats, and industry best practices, translating them into risk implications for the business.
Ensure risk posture evolves with the external environment.
Additional GRC Activities
Mentor and develop GRC team members to build expertise in risk management and assurance.
Establish KPIs and dashboards to measure and report on risk posture, risk treatment progress, and control effectiveness.
Represent risk management interests in cross-functional and enterprise-level initiatives.
Professional experience and skills:
5+ years of experience in an Information Security or IT Risk / Compliance role within a GRC function.
2+ years of experience as a lead or senior GRC professional.
Proven experience working within an ISMS environment certified to ISO 27001.
Strong experience conducting and presenting security risk assessments to senior leadership and boards.
Solid understanding of security frameworks and standards: ISO 27001, NIST CSF, CIS, GDPR.
Demonstrated success in designing or overseeing internal control frameworks (e.g. ISO 27001, NIST CSF).
Excellent written communication and documentation skills.
Strong attention to detail with a methodical and analytical mindset.
Strong stakeholder management skills with the ability to engage and influence at senior levels (up to board / C-level).
Ability to collaborate across departments and build stakeholder trust.
Proactive and adaptable; comfortable working in a fast-paced, changing environment.
Demonstrates a project-oriented mindset with the ability to prioritise and manage competing tasks.
Bachelor's degree in Information Security, Cybersecurity, Business, or a related field.
Certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor / Implementer.
Experience with OneTrust, Hyperproof or other GRC platforms.
Familiarity with Confluence, Jira, Asana, Teams, Slack and similar collaboration tools.
Knowledge of core IT infrastructure, identity and access management, network security principles, and cloud environments (e.g. AWS, Azure, GCP), from a governance and risk perspective, is desirable.
Our Offer
Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance.
Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid / remote work possibilities to work across Awin regions.
Health & Wellbeing: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical wellbeing.
Development: We've built our extensive training suite, Awin Academy, to cover a wide range of skills that nurture you professionally and personally.
Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs.
Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
Awin is an equal opportunities employer and welcomes applications from all qualified candidates. We are committed to diversity and inclusion in the workplace.
Information Security Manager • Madrid, Madrid, SPAIN