CrawlJobs Logo

Information Security Risk Manager

· Job Posted April 05, 2026
Apply Position
Job Link Share

Job Description

As Information Security Risk Manager (f/m/d) you will own and drive Awin’s global Information Security Risk Management capability end-to-end, ensuring the business not only understands its risks but takes measurable action to reduce them. You will be accountable for embedding a strong culture of risk ownership across the organisation, proactively identifying gaps, and driving remediation through to completion. This role requires structured risk identification, assessment, and reporting whilst acting as a advisor to senior leadership and the board. It ensures that risk appetite is clearly defined, actively used in decision-making, and consistently monitored.

Job Responsibility

  • Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties. Ensure risks are prioritised and clearly articulated in business terms (financial, regulatory, reputational) to enable effective decision-making. Drive risk remediation to closure, holding risk owners accountable for delivery and escalating where progress stalls. Ensure risk management is embedded in cross-functional initiatives and considered as part of key business decisions
  • Own and maintain the Information Security Risk Register, ensuring it reflects true risk exposure, progress, and outcomes, not just status updates. Facilitate risk reviews that are focused on decisions, accountability, and measurable progress
  • Define, embed, and maintain the organisation’s risk appetite, ensuring it is actively used in both business and technology decision-making. Establish and track KPIs that measure real improvements in risk posture, not just activity
  • Provide clear, opinionated, and actionable risk insights to senior management and the board. Act as the bridge between technical and business teams, ensuring risks are clearly understood and acted upon
  • Confidently challenge and influence stakeholders to ensure risks are neither understated nor inappropriately accepted
  • Own and continuously improve Awin’s global information security risk management framework, aligned to ISO 27001 and regulatory requirements. Monitor control effectiveness, proactively identify weaknesses, and drive improvements
  • Embed risk management into business processes so that risks are considered early and proactively, rather than retrospectively
  • As the most senior member of the team, mentor and develop GRC team members, building capability in risk management and assurance. Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions for the business

Requirements

  • Proven track record of owning and delivering risk management initiatives end-to-end
  • Experience driving risk remediation across teams without direct authority
  • Strong experience presenting and defending risk positions to senior leadership and boards
  • Hands-on experience within an ISO 27001-certified ISMS environment
  • Strong knowledge of frameworks such as ISO 27001
  • Experience designing, implementing, or improving control frameworks
  • Experience with GRC platforms (e.g. Hyperproof)
  • Confident communicator (with very good English skills) - able to build relationships and challenge/influence senior stakeholders

What we offer

  • Flexi-Week and Work-Life Balance: We prioritise your mental health and well-being, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves as well as volunteer days
  • Remote Working Allowance: You will receive a monthly allowance to cover part of your running costs. In addition, we will support you in setting up your remote workspace appropriately
  • Pension: Awin offers access to an additional pension insurance to all employees in Germany
  • Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions
  • Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development
  • Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Information Security Risk Manager

8 matching positions

Sr. Manager, Information Technology and Information Security Risk

Sr. Manager, Information Technology and Information Security Risk Hybrid Work Sc...
Location
Location
United States , Reston
Salary
Salary:
Not provided
tier4group.com Logo
Tier4 Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred
  • 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred
  • Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python)
  • Experience working in a regulated financial services or technology environment
  • CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications
Job Responsibility
Job Responsibility
  • Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations
  • Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes
  • Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
  • Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts
  • Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations
  • Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations
  • Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite
  • Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
  • Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises
  • Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate
  • Fulltime
Read More
Arrow Right

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Significant progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays
  • increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators)
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays
  • increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Information Security, Risk & Compliance Manager

The Information Security, Risk & Compliance Specialist will play a key role in d...
Location
Location
Argentina
Salary
Salary:
Not provided
https://feverup.com/fe Logo
Fever
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's Degree in Computer Science, Information Security, Risk Management, or another similar relevant degree (or equivalent experience in a GRC Security role)
  • 4+ years of relevant experience in Information Security, Governance, Risk, and Compliance projects, managing or owning the execution of the projects
  • Strong understanding of security frameworks and standards, such as ISO 27001, NIST, SOC2, or similar
  • Strong understanding of Cloud environments
  • Proven experience in conducting security assessments, risk assessments, and security vendor reviews
  • Analytical skills, autonomy, and accountability
  • Fluent in English
  • Excellent communication skills
Job Responsibility
Job Responsibility
  • Develop and execute the information security and cybersecurity compliance roadmap
  • Maintain key certifications such as ISO 27001, ENS, among others
  • Drive the company’s commitment to achieving the highest security standards
  • Work closely with internal teams to review and maintain information security policies
  • Conduct risk assessments
  • Ensure alignment with governance frameworks
  • Manage and respond to security questionnaires
  • Assist in preparing for external audits
  • Strengthen the organization's security posture by identifying areas for compliance improvement
What we offer
What we offer
  • 40% discount on all Fever events and experiences
  • Osde 410 as medical insurance
  • Home office friendly anywhere in Argentina
  • Responsibility from day one, and professional and personal growth
  • Great work environment with a young, international team of talented people to work with
  • English Lessons
  • Gympass
  • Attractive compensation package consisting of base salary and the potential to earn a significant bonus for top performance (Including Base, Variable, and Stock Options)
  • Fulltime
Read More
Arrow Right
New

Information Security Manager

We are looking for a Lab Security Manager who can rise to the complexity of prot...
Location
Location
United States , Austin
Salary
Salary:
152000.00 - 228000.00 USD / Year
amd.com Logo
AMD
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Background in semiconductor, hardware engineering, or other R&D-intensive industries where pre-release IP protection is mission-critical
  • Experience evaluating and securing connectivity to ODC (Outsourced Design Center) or OSAT (Outsourced Semiconductor Assembly and Test) partners, or equivalent third-party manufacturing and engineering partners in the semiconductor supply chain
  • Experience securing AI/ML compute infrastructure, including familiarity with GPU cluster deployments, fabric interconnects, and associated operational environments
  • One or more relevant certifications: CISSP, CISM, GIAC or equivalent
  • Experience working in or alongside a Security Operations Center (SOC), including familiarity with SIEM platforms, UEBA tools, and alert triage workflows
  • Prior experience in a role that required coordination across physical security, IT security, and legal/compliance functions simultaneously
  • BS/MS preferred in related field
  • SANS, MCSE, RHCSS, CISSP, CISA, CISM certification(s)
Job Responsibility
Job Responsibility
  • Define and enforce security standards across global labs and compute facilities
  • Partner with facilities teams to embed security into lab design and operations
  • Maintain site-specific security plans for critical locations
  • Establish security controls for large-scale compute environments (e.g., GPU clusters, AI farms)
  • Enforce network segmentation, monitoring, and anomaly detection
  • Mitigate risks at the intersection of physical and logical access
  • Lead protection of sensitive IP, including pre-release hardware and software
  • Develop insider threat controls and collaborate with HR, Legal, and SOC
  • Manage protocols for handling sensitive assets, visitors, and contractors
  • Ensure compliance with EAR, ISO, NIST, and other frameworks
  • Fulltime
Read More
Arrow Right
New

CS&S - Security Risk Manager - Linkou

ASML is the world's leading supplier of photolithography systems for the semicon...
Location
Location
Taiwan , Linkou
Salary
Salary:
Not provided
asml.com Logo
ASML
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field
  • Minimum of 10 years' experience in information security risk management
  • Relevant certifications such as CISSP, CISM, or CRISC (strongly preferred)
  • Experience with risk assessment, risk treatment, and control design
  • Knowledge of information security standards and risk frameworks (e.g., ISO 27001, NIST)
  • Experience protecting confidential information and intellectual property
  • Familiarity with identity and access management and secure collaboration practices
  • Experience working with stakeholders at different organizational levels and in cross-functional teams
  • Ability to translate policies and procedures into operational activities
  • Strong communication and influencing skills
Job Responsibility
Job Responsibility
  • Handle local security incidents
  • Provide security awareness training
  • Execute application risk assessments
  • Support new initiatives through risk scoping
  • Define security requirements and validate proper implementation
  • Create visibility into the local risk landscape of supported sectors
  • Evaluate risks against the organization's risk appetite
  • Recommend, support, and guide risk owners in implementing mitigation actions
  • Report to local and central stakeholders
  • Actively participate in programs, projects, and changes
What we offer
What we offer
  • Competitive compensation
  • Continuous learning opportunities
  • Exposure to international teams and projects
  • Fulltime
Read More
Arrow Right

Information Security Manager

Implement and maintain information security policies, standards, and procedures....
Location
Location
Egypt , New Cairo
Salary
Salary:
Not provided
ethicshr.com Logo
Ethics HR
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s/Master’s degree in Information Technology, Computer Science, Cybersecurity, or related field from a reputable university
  • Minimum of 8 years of experience in information security, with at least 3 years in a managerial role
  • Strong knowledge of IT security frameworks, CBE cybersecurity guidelines, and regulatory compliance
  • Experience in vulnerability management, incident response, and security operations
  • Excellent analytical, problem-solving, and communication skills
  • Preferred certifications include CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or CEH
Job Responsibility
Job Responsibility
  • Implement and maintain information security policies, standards, and procedures
  • Conduct regular security audits, risk assessments, and vulnerability assessments
  • Monitor security events, investigate incidents, and coordinate remediation activities
  • Collaborate with IT and business teams to ensure secure system design and deployment
  • Maintain and update access control mechanisms, encryption standards, and authentication protocols
  • Ensure compliance with relevant cybersecurity and data protection regulations
  • Provide training and awareness programs to staff on information security best practices
  • Prepare reports on information security metrics, risks, and incidents for senior management
  • Fulltime
Read More
Arrow Right

Principal Information Security Manager

This is not a build-from-scratch role. It is a step up in maturity: fewer manual...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations
Job Responsibility
Job Responsibility
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework, keep it current, understandable, and enforced
What we offer
What we offer
  • attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • flexible working time models and the option of hybrid work
  • yearly flex work allowance of €1560
  • 31 vacation days annually (incl. one floating holiday)
  • pro rata fully paid Fridays off during August
  • company pension scheme
  • one day off per year for supporting a social project (Volunteers Day)
  • Fulltime
Read More
Arrow Right