
Supply Chain Risk Management Product Owner (m / f / x)

Liebherr-IT Services GmbH

Ulm

Hybrid

EUR 70.000 - 90.000

Full-time

Today

Summary

A leading IT services provider in Ulm is looking for a seasoned professional to oversee the global Supply Chain Risk Management (SCRM) process. This role requires a minimum of 7 years in information security and strong experience in third-party risk management. The responsibilities include implementing cybersecurity requirements, managing supplier assessments, and ensuring compliance. This position offers an attractive remuneration package, flexible working options, and numerous employee benefits. Apply now to join their dynamic team.

Benefits

Attractive remuneration and social benefits
Flexible and hybrid working
Creative work freedom
Company pension scheme
Crisis-proof workplace
Individual development opportunities
Employee discounts
Bicycle leasing
Healthy catering
Health management program

Qualifications

  • 7+ years of experience in information security, IT security or related roles.
  • 5+ years in supply/third-party risk management.
  • Certifications such as CISSP, CISM, CRISC are a plus.

Responsibilities

  • Own and operate the global SCRM process.
  • Define cybersecurity requirements for contracts.
  • Implement supplier risk classification framework.
  • Oversee supplier security assessments and audits.
  • Maintain a central inventory of suppliers.
  • Drive service enhancements from assessment trends.

Skills

Cybersecurity knowledge
Information security
Supplier risk management
Stakeholder management
Agile methodologies
Excellent English communication
Excellent German communication

Education

Bachelor's / Master's in Cybersecurity, Computer Science, or related field

Tools

NIST CSF
ISO 27001

Job description

Overview

At Liebherr-IT Services GmbH, we value the development of individual and entrepreneurial needs and therefore live the flex office.

Work in a hybrid model with flexible working hours – both on site and mobile. We will not respond to applications between 24 December 2025 and 6 January 2026 due to limited availability during the holiday season. Thank you for your understanding.

Responsibilities
  • Governance and program planning: Own and operate the global SCRM process in close collaboration with the Risk Management Product team. Develop and maintain the SCRM process aligned with business needs, security risk appetite and compliance obligations.
  • Contractual Security Requirements: Define standard cybersecurity requirements for contracts and collaborate with Legal and Procurement to ensure their adoption for high-risk suppliers. Review and approve exceptions to standard security clauses based on risk-based justifications.
  • Supplier Risk Classification and Tiering: Implement supplier risk tiering and classification framework based on criticality, data access, regulatory exposure, and inherent risk. Ensure consistent application of the tiering model and conduct periodic reviews to adjust for changes in the threat landscape.
  • Supplier Assessments and Security Assurance: Oversee the planning, scoping, and execution of supplier security assessments, including onboarding and recurring reviews. Manage external assessment providers and ensure timely, high‑quality outputs. Track remediation plans for non‑compliant suppliers and escalate unresolved risks.
  • Operational Oversight: Maintain a central inventory of suppliers with risk tier classification, risk posture, and assessment status. Monitor and ensure SLA adherence of managed service providers conducting risk assessments and audits. Serve as the central point of contact for business units, Legal, Procurement, and Compliance regarding supplier risk issues.
  • Continuous Improvement and Reporting: Analyze trends and findings from supplier assessments to drive service enhancements and efficiency. Report key risk indicators and metrics and support internal or external audits related to third‑party risk. Support regulatory reporting requirements related to supplier security.
Qualifications
  • Bachelor’s / Master’s in Cybersecurity, Computer Science, or related field.
  • 7+ years of working experience in information security, IT security or related roles.
  • 5+ years of working experience in medium to large organizations in supply / third‑party risk management roles.
  • Certifications such as CISSP, CISM, CRISC are a plus.
  • Strong knowledge of governance frameworks related to supply chain risk management (NIST CSF, NIST SP 800‑161, ISO 27001) as well as familiarity with VS‑NfD and NIST SP 800‑171 requirements.
  • Demonstrated experience managing external assessment providers.
  • Demonstrated ability to manage stakeholders across IT, OT, engineering, and executive leadership in complex environments.
Highly desirable
  • Experience in product ownership and service delivery using SAFe (Scaled Agile Framework) or similar agile methodologies.
  • Excellent written and verbal communication skills in English and German.
Benefits
  • Attractive remuneration and social benefits
  • Flexible and hybrid working
  • Freedom for creative work
  • Company pension scheme
  • Crisis‑proof workplace
  • Individual development and training opportunities
  • Employee benefits & discounts
  • Bicycle leasing through salary conversion
  • Healthy & regional catering in the company restaurant
  • Company health management programme EGYM Wellpass

Get your own impression of our Oberopfingen site in "Liebherr - Imagefilm Standort Oberopfingen" (YouTube), and find your perfect match in our family business in "Liebherr - Finde dein perfektes Match!" (youtube.com).

Contact

We encourage you to apply online. If you have questions, please contact Verena Maucher at verena.maucher@liebherr.com.

Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf / Oberopfingen
Germany (DE)
