Information Security Risk Management Product Owner (m/f/d)
We are expanding our Global Corporate Information Security Team and looking forward to new colleagues joining our team. The Information Security Risk Management Product Owner (m/f/d) leads the design, improvement, and delivery of our information security risk management capability.
The role defines risk governance and methods and drives end-to-end risk activities – including risk treatment decisions, mitigation tracking, POA&Ms, exception management, risk acceptance, and operation of the risk register – in collaboration with information security teams and business stakeholders. The role coordinates risk assessment and monitoring activities and reports key risks and trends to management through relevant committees and governance bodies.
The working location for this position will be in Madrid city where we are currently setting up a new office. We operate a hybrid model, requiring at least 40% of the working time on-site.
Creating passion: your responsibilities
Risk Management Product Ownership & Governance: Define and own the Risk Management Product scope, operating model, roadmap, and KPIs aligned with CIS and GRC strategy. Establish risk governance, decision rights, committees, and escalation paths, and ensure risk management is embedded into business and IT decision-making. Drive end-to-end delivery of Risk Management initiatives, coordinating activities, milestones, and outcomes directly with stakeholders.
Enterprise Information Security Risk Framework & Practices: Define and maintain the risk management framework, including methodology, policy/standard, templates, workflows, risk taxonomy, and impact criteria (risk impact matrices) for group, divisions, companies, and systems. Ensure risk practices are standardized, measurable, and consistently applied.
End-to-End Risk Lifecycle & Risk Register Operations: Operate the unified risk register, supported by the different information security teams with assigned responsibility for risk management, and enable end-to-end risk management activities across group, division and company layers, including risk identification, assessment, treatment decisions, mitigation tracking, POA&Ms, exception management, and formal risk acceptance. Support business and IT risk owners to ensure traceable ownership and timely risk decisions.
Cross-Product Coordination for Risk Assessments & Monitoring: Coordinate risk-related activities across CIS products and services to ensure consistent assessment of inputs, outputs, and handoffs. Aggregate and govern follow-up of risks arising from controls assessments, internal audits, and other security assessments; monitor status, drive closure, and ensure consistent reporting of residual risk.
Risk Reporting & Executive Oversight: Provide visibility of key risks, trends, KRIs, exceptions, and overdue risk decisions through dashboards and reporting. Report risk status and performance to management through relevant committees and governance bodies, and drive continuous improvement based on metrics and lessons learned.
Contributing your strengths: your qualifications
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field
- 5+ years of working experience in information security, IT security, risk management or related roles.
- Certifications such as CISSP, CISM, CRISC are a plus.
- Strong understanding of NIST SP 800-39, NIST CSF, and ISO/IEC 27005 risk management concepts.
- Experience in regulated industries (e.g., manufacturing, defense).
- Experience with a GRC/risk platform (e.g., ServiceNow GRC or similar), Power BI and/or similar tools for information security risk management reporting.
- Demonstrated ability to manage stakeholders across IT, OT, engineering, and business management in complex environments.
- Good analytical and communication skills to explain risk findings to both technical and non-technical stakeholders.
- Fluency in English (written and spoken) is a must; skills in German would be an advantage.
- Willingness and ability to travel to Liebherr sites worldwide up to 20% of the time (mostly Europe).
Our commitment to you: your benefits
At Liebherr, we believe people are at the heart of our success. As part of our international team, you’ll enjoy a secure role in a family-owned company that values innovation, collaboration, and long-term career growth:
- Competitive compensation and benefits package that recognizes your expertise
- Flexible and hybrid working model
- Creative freedom and responsibility to shape processes and solutions in our global transformation
- Continuous learning and development with tailored training and certification opportunities
- Meal vouchers
- Life and accident insurance
- Option to include a premium private health insurance package as part of the flexible remuneration
- A safe, stable and international workplace within a trusted family business that invests in people
Please only use the online application option.
Please note that we do not accept applications via recruitment agencies for this position.
Have we awoken your interest? Then we look forward to receiving your online application. If you have any questions, please contact Karoliina Rissanen.
One Passion. Many Opportunities.
The company
Liebherr is a family-run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high-quality, user-oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents.
Location
Liebherr IT Shared Service Centre Ibérica, S.L.
Parque Norte. Alamo building Serrano Galvache, 56
28033 Madrid
Spain (ES)
Contact
Karoliina Rissanen
karoliina.rissanen@liebherr.com