Position overview
The Information Security Manager is responsible for establishing, coordinating, and maintaining all information security–related activities within the division. The role ensures compliance with relevant security standards and regulatory requirements (e.g. NIS2, ISO/IEC 27001, Cyber Resilience Act), supports secure processes across IT, OT, and product environments, and aligns divisional practices with Group Security Strategy. The position acts as the divisional subject‑matter expert and single point of contact for security, operating independently and cross‑functionally.
Your Responsibilities
- Information Security Management: Define and maintain division‑specific security policies, standards, and procedures; perform risk assessments; manage the security risk register; and support correct information classification and protection
- Regulatory Compliance (NIS2 / ISO 27001 / CRA): Lead divisional readiness for NIS2 and ISO/IEC 27001, coordinate audits and documentation, and support product‑related cybersecurity requirements in line with the Cyber Resilience Act; maintain a regulatory dotted‑line reporting relationship to the EVP to ensure transparency and escalation on compliance‑relevant matters
- Security Operations & Incident Handling: Serve as divisional coordinator for security incidents and align with Group processes, including vulnerability management and remediation tracking
- Supplier & Third‑Party Security: Conduct supplier security assessments, ensure contractual requirements are met, and follow up on deviations and corrective actions
- Awareness & Training: Coordinate mandatory security awareness activities and enable role‑based security competence across relevant teams
- Project & Product Security Support: Advise ISM, R&D, Operations, and other functions on necessary security requirements, ensuring their integration into projects, products, systems, and processes
- Governance, Process Oversight & Reporting: Define, monitor, and continuously improve security‑relevant governance and compliance processes; act as senior escalation authority for internal and external audits; prepare regular reports on security status, risks, and KPIs for divisional management; and ensure close alignment with Group Security and other divisions