Information Security Risk Management Specialist

We are expanding our Global Corporate Information Security Team and looking forward to new colleagues joining our team. The Information Security Risk Management Specialist (m/f/d) supports the implementation and continuous operation of our Information Security Risk Management Product, part of the Governance Risk and Compliance team. The role is responsible for identifying, documenting, assessing, and tracking information security risks across the Liebherr group of companies, and delivering insights through executive-level dashboards and reports. This hybrid role plays a key part in both operational and strategic information security risk governance. Creating passion: your responsibilities Risk Identification and Documentation: maintain and update the risk registers, tracking ownership, mitigation plans, residual risk, and status. Drive risk management data completeness, accuracy, and traceability of risk decisions. Collaborate with IT and business representatives, and technology experts to capture and validate risk information. Risk Assessment and Treatment: Conduct qualitative and or quantitative risk assessments for Liebherr companies (organization level), and from reported security issues from different assessments e.g. internal audits, technical assessments carried out by security architects, etc. Support the evaluation of likelihood, impact, and residual risk, and prepare risk summaries for review by the Risk Management Product Owner. Track mitigation and treatment plans, monitor implementation progress, and flag delays or unresolved risks. Risk Governance and Reporting: Support the preparation and facilitation of Information Risk Committee meetings, including. Develop and maintain security risk management dashboards and reports using business intelligence tools (e.g., Power BI, Tableau). Track and report key risk indicators (KRIs), key performance indicators (KPIs), and risk treatment effectiveness. Continuous Improvement and Support: Contribute to process improvement initiatives for risk assessment and treatment workflows. Maintain and update risk management templates, guidance, and documentation under the supervision of the Risk Management Product Owner. Support audits, internal reviews, and compliance activities related to information risk management. Contributing your strengths: your qualifications Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 3+ years of working experience in information security, IT security, risk management or related roles. Certifications such as CISSP, CISM, CRISC are a plus. Understanding of NIST SP 800-39, NIST CSF, and ISO/IEC 27005 risk management concepts. Experience in regulated industries (e.g., manufacturing, defense). Experience with creating and maintaining risk registers, reporting tools, and producing risk management risk indicators, metrics and reports. Demonstrated ability to manage stakeholders across IT, OT, engineering, and business management in complex environments. Good analytical and communication skills to explain risk findings to both technical and non-technical stakeholders. Fluency in English (written and spoken) is a must; skills in German would be an advantage. Our commitment to you: your benefits At Liebherr, we believe people are at the heart of our success. As part of our international team, you’ll enjoy a secure role in a family-owned company that values innovation, collaboration, and long-term career growth: Competitive compensation and benefits package that recognizes your expertise Flexible and hybrid working model Creative freedom and responsibility to shape processes and solutions in our global transformation Continuous learning and development with tailored training and certification opportunities Meal vouchers Life and accident insurance Option to include a premium private health insurance package as part of the flexible remuneration A safe, stable and international workplace within a trusted family business that invests in people Please only use the online application option. Please note that we do not accept applications via recruitment agencies for this position.