Information Security Compliance Product Owner

We are expanding our Global Corporate Information Security (CIS) team and are looking for an

Information Security Compliance Product Owner (m/f/d)
to establish and scale our global security compliance and certification capabilities.

The Information Security Compliance Product Owner owns the Information Security Compliance Product within the Information Security Governance, Risk and Compliance (GRC) portfolio and is accountable for ensuring that regulatory, contractual, and certification requirements related to information and cybersecurity are identified, assessed, and integrated into the organization's Information Security Framework (ISF).

This role combines product ownership, project delivery and service execution, working closely with internal and external stakeholders.

Creating passion: your responsibilities

• Compliance Product Ownership & ISF Alignment: Define and own the Compliance Product scope, roadmap, operating model, and KPIs aligned with CIS and GRC strategy. Ensure continuous alignment of ISF components (policies, standards, procedures, control baselines) with regulatory, contractual, and certification requirements.
• Regulatory Compliance: Maintain a centralized inventory of applicable information and cybersecurity regulations (e.g. NIS2, GDPR, CRA, EU AI Act, defense-related obligations). Perform regulatory applicability assessments and structured compliance gap analyses. Define, track, and report remediation plans for identified compliance gaps. Monitor regulatory changes and ensure timely updates to the ISF.
• Security standards compliance and certification (ISO/IEC 27001): Govern ISMS and CSMS documentation, readiness, and support in companies certification activities, including maintaining required evidence and ensure delivery during internal and external audits, Track audit findings and corrective actions to closure for areas of responsibility.
• Customer & Stakeholder Assurance: Support with answering to compliance and security assessments from customers, contract security clause reviews, and customer audits. Act as the primary compliance point of contact for CIS product and services teams towards IT, Product Security, Legal, and business stakeholders. Report compliance status, certification progress, risks, and KPIs to leadership.

Contributing your strengths: your qualifications

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field.
• 5+ years of working experience in information security, IT Security, compliance or related roles (Information Security Compliance Manager, Information Security Officer, etc).
• Certifications such as CISSP, CISM, CRISC are a plus.
• Hands-on or governance experience with ISO/IEC 27001 certification programs.
• Strong understanding of global cybersecurity regulations (e.g. NIS2, GDPR, CRA).
• Experience coordinating audits, regulatory assessments, or certification activities.
• Familiarity with NIST CSF and ISO/IEC 27001 and IEC/62443 governance concepts.
• Demonstrated ability to manage stakeholders across IT, OT, engineering, and business management in complex environments.
• Excellent written and verbal communication skills in English and German is a plus.

Our commitment to you: your benefits
At Liebherr, we believe people are at the heart of our success. As part of our international team, you'll enjoy a secure role in a family-owned company that values innovation, collaboration, and long-term career growth:

• Competitive compensation and benefits package that recognizes your expertise
• Flexible and hybrid working model
• Creative freedom and responsibility to shape processes and solutions in our global transformation
• Continuous learning and development with tailored training and certification opportunities
• Meal vouchers
• Life and accident insurance
• Option to include a premium private health insurance package as part of the flexible remuneration
• A safe, stable and international workplace within a trusted family business that invests in people

Please only use the online application option.

Please note that we do not accept applications via recruitment agencies for this position.

Have we awoken your interest? Then we look forward to receiving your online application. If you have any questions, please contact Karoliina Rissanen.

One Passion. Many Opportunities.
The Company
Liebherr is a family-run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high-quality, user-oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents.

Location
Liebherr IT Shared Service Centre Ibérica, S.L.

Parque Norte. Alamo building Serrano Galvache, 56

28033 Madrid

Spain (ES)

Contact
Karoliina Rissanen