Group Information Security Risk Manager (f/m/d)

Uniper

Germany

On-site

EUR 65.000 - 85.000

Full-time

Today

Summary

An international energy company based in Germany is seeking a skilled Information Security Risk Manager. The ideal candidate will have at least 5 years of experience in information security, a strong understanding of risk management, and expertise in compliance with regulatory standards. This role entails developing risk frameworks and preparing reports for senior management. Candidates should be fluent in German and English and possess relevant certifications. A supportive working environment with a variety of benefits awaits you.

Benefits

Attractive salary
Excellent company pension
Flexible working arrangements
Lifelong training
Health-related benefits

Qualifications

  • At least 5 years of experience in information security and risk management.
  • Experience in critical infrastructure or energy sector is a plus.
  • Deep knowledge of cybersecurity laws and regulations.

Responsibilities

  • Develop information security risk framework.
  • Identify and monitor cyber risks across the company.
  • Prepare reports on security status for top management.

Skills

Risk management
Information security
Regulatory compliance expertise
German language proficiency
English language proficiency

Education

University degree in business informatics or equivalent
Certifications like CISSP, CISM

Tools

Governance, risk & compliance (GRC) tools
Risk analysis tools

Job description

We are Uniper

At Uniper, we are pro-actively transforming the world of energy whilst at the same time ensuring security of energy supply. As an internationally operating company, we work in very diverse teams with the greatest possible working time flexibility for our employees. Our corporate culture is characterized by equal opportunities, mutual appreciation, and respect. With us, you will be able to develop new business models, work on technological solutions for a modern, sustainable, and future-oriented energy supply as well as pro-actively help to shape changes. Interested? Then we will look forward to meeting you!

Your responsibilities

We are seeking a highly skilled Group Information Security Risk Manager to join our Group Information Security team. You will be responsible for risk management and ensuring regulatory compliance (including NIS2, DORA, Cyber Resilience Act, ISO/IEC 27001, and the NIST Cybersecurity Framework). As a central point of contact for information and cyber risks, you will advise and oversee the business lines and ensure that all information security risks are appropriately managed. This role reports directly to the CISO and requires at least 5 years of experience in information security and risk management, ideally in critical infrastructure or the energy sector.

Key Responsibilities
  • Governance: Develop the information security risk framework (policies, guidelines, processes). Independently review the effectiveness of security controls and measures implemented by the first lines and initiate corrective actions where necessary.
  • Risk Management: Identify, assess, and monitor information and cyber risks across the entire Uniper Group. Develop risk treatment plans and oversee the implementation of mitigation measures.
  • Compliance: Ensure compliance with all relevant legal and regulatory requirements (e.g., NIS2 Directive, DORA, KRITIS etc.) as well as internal policies and industry standards (ISO/IEC 27001, NIST-CSF).
  • Management Reporting: Prepare and present regular reports on the information security status and risk profile to top management and the Board of Management. Develop clear KPI/KRI dashboards to visualize trends and progress in risk and compliance. Escalate critical risks to the CISO and, if necessary, to the Board of Management.
  • Technical Risk Management: Conduct and support technical risk analyses and security assessments (e.g., threat and vulnerability assessments, risk analyses for various services and systems). Evaluate new technologies, systems, and changes (change risk assessments) from an information security perspective.
  • Third-Party Risk Management: Assess security risks related to service providers and partners. Ensure external partners meet security and compliance requirements through contract reviews, security evaluations, and ongoing monitoring of critical vendors.

Your profile

  • University degree in (business) informatics, information security, engineering, or a comparable field. Additional certifications in information security/risk management (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) are desired.
  • At least 5 years of relevant experience in information security, IT risk management, or IT compliance. Experience in a corporate environment or with critical infrastructure (KRITIS), preferably in the energy sector, is desirable.
  • Regulatory Expertise: In-depth knowledge of relevant cybersecurity laws and regulations: e.g., EU NIS2 Directive, Digital Operational Resilience Act (DORA), Cyber Resilience Act (EU regulation for digital products), national IT Security Act/BSI Act, and common standards/frameworks (ISO/IEC 27001/27002, NIST-CSF, BSI IT-Grundschutz). Proven experience in implementing these requirements in a corporate setting.
  • Information Security Expertise: Deep knowledge of information security methods and techniques: from risk analysis methodologies (e.g., ISO 27005) and vulnerability management to business continuity management (ISO 22301) and incident response. Familiarity with cloud security principles and basic understanding of OT security in industrial environments.
  • GRC and Process Knowledge: Experience in using governance, risk & compliance (GRC) tools or ISMS platforms. Experience with risk analysis tools and ticketing systems is a plus.
  • Fluent in both German and English (spoken and written). The role requires communication with German-speaking teams and authorities as well as reporting in an international corporate environment.
  • Experience working with international teams or projects is an advantage. Cultural awareness and the ability to roll out global security standards across the group are important.

Your benefits

At Uniper, we reward our employees for their hard work and dedication to shaping the future energy transition not only with attractive salaries, an excellent company pension and health-related benefits. You can also expect a supportive working culture that offers a wide range of creative and innovative ideas. We enable various flexible working arrangements, whilst also supporting you with home office equipment.

Work-Life-Balance / New Normal
  • Choosing how, where, and when to work in accordance with your team and the requirements of your job
  • Modern and ergonomic equipment for your workplace (home & office)
  • Support to balance private life and work: Sabbaticals, part-time possibilities, family service
Mobility
  • Car and bike leasing offer (deferred compensation)
  • E-car charging stations at almost all Uniper locations
Health offers
  • Flu vaccination
  • Preventive health services
  • Employee assistance program
Company pension
  • Employer-funded contributions to a modern pension system
  • Possibility of self-funded contributions with employer-funded matching
Trainings
  • Lifelong training
  • Coaching

Our employees are the reason for our success. Therefore, you will find many other benefits at the local level to help you reach your potential. Energy evolutionary wanted!

Your contact

If you have any questions, please do not hesitate to contact us at: career@uniper.energy

Attention! Please apply via the button in this portal. Application documents that reach us by post will not be returned and, like those we receive by e-mail, can unfortunately not be considered!

As an employer, Uniper is committed to diversity and equal opportunities. Therefore, we encourage applications from suitably qualified individuals whose capabilities match the role requirements regardless of gender, origin, disability, age, religion, ideology, sexual identity or marital status. We live inclusion and support flexible working.
