Overview
We are Uniper. At Uniper, we are pro-actively transforming the world of energy whilst ensuring security of energy supply. As an internationally operating company, we work in diverse teams with flexible working time. Our corporate culture is characterized by equal opportunities, mutual appreciation, and respect. We aim to develop new business models and work on technological solutions for a modern, sustainable, and future-oriented energy supply.
Your responsibilities
We are seeking a highly skilled Group Information Security Risk Manager to join our Group Information Security team. You will be responsible for risk management and for ensuring regulatory compliance (including NIS2, DORA, the Cyber Resilience Act, ISO/IEC 27001, and the NIST Cybersecurity Framework). You will act as the central point of contact for information and cyber risks, advise the business lines, and ensure that all information security risks are appropriately managed. This role reports to the CISO and requires at least 5 years of experience in information security and risk management, ideally in critical infrastructure or the energy sector.
Key Responsibilities:
- Governance: Develop the information security risk framework (policies, guidelines, processes). Independently review the effectiveness of security controls and measures implemented by the first lines and initiate corrective actions where necessary.
- Risk Management: Identify, assess, and monitor information and cyber risks across the entire Uniper Group. Develop risk treatment plans and oversee the implementation of mitigation measures.
- Compliance: Ensure compliance with all relevant legal and regulatory requirements (e.g., NIS2 Directive, DORA, KRITIS) as well as internal policies and industry standards (ISO/IEC 27001, NIST-CSF).
- Management Reporting: Prepare and present regular reports on the information security status and risk profile to top management and the Board of Management. Develop KPI/KRI dashboards to visualize trends and progress in risk and compliance. Escalate critical risks to the CISO and, if necessary, to the Board of Management.
- Technical Risk Management: Conduct and support technical risk analyses and security assessments (e.g., threat and vulnerability assessments, risk analyses for various services and systems). Evaluate new technologies, systems, and changes from an information security perspective.
- Third-Party Risk Management: Assess security risks related to service providers and partners. Ensure external partners meet security and compliance requirements through contract reviews, security evaluations, and ongoing monitoring of critical vendors.
Your profile
- University degree in (business) informatics, information security, engineering, or a comparable field. Additional certifications in information security/risk management (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) are desired.
- At least 5 years of relevant experience in information security, IT risk management, or IT compliance. Experience in a corporate environment or with critical infrastructure (KRITIS), preferably in the energy sector, is desirable.
- Regulatory Expertise: In-depth knowledge of relevant cybersecurity laws and regulations (e.g., EU NIS2 Directive, DORA, Cyber Resilience Act, national IT Security Act/BSI Act) and common standards/frameworks (ISO/IEC 27001/27002, NIST-CSF, BSI IT-Grundschutz). Proven experience implementing these requirements in a corporate setting.
- Information Security Expertise: Knowledge of information security methods and techniques, including risk analysis methodologies (ISO 27005), vulnerability management, business continuity management (ISO 22301), and incident response. Familiarity with cloud security principles and basic understanding of OT security in industrial environments.
- GRC and Process Knowledge: Experience with governance, risk & compliance (GRC) tools or ISMS platforms. Experience with risk analysis tools and ticketing systems is a plus.
- Fluent in German and English (spoken and written). The role requires communication with German-speaking teams and authorities and reporting in an international corporate environment.
- Experience working with international teams or projects is an advantage. Cultural awareness and the ability to roll out global security standards across the group are important.
Your benefits
At Uniper, we offer competitive salaries and benefits, including an attractive company pension and health-related benefits. We support a flexible working culture with home office options, regular training, and development opportunities. We value diversity and international collaboration across more than 80 countries.
Work-Life-Balance / New Normal:
- Choosing how, where, and when to work in accordance with your team and the requirements of your job
- Modern and ergonomic equipment for your workplace (home & office)
- Support to balance private life and work: Sabbaticals, part-time possibilities, family service
Mobility:
- Car and bike leasing offer (deferred compensation)
- E-car charging stations at almost all Uniper locations
Health offers:
- Flu vaccination
- Preventive health services
- Employee assistance program
Company pension:
- Employer-funded contributions to a modern pension system
- Possibility of self-funded contributions with employer-funded matching
Trainings:
- Lifelong training
- Coaching
We invite you to become part of our diverse company with international colleagues from more than 80 countries. As an employer, Uniper is committed to providing equal opportunities. We encourage applications from suitably qualified individuals regardless of gender, origin, disability, age, religion, ideology, sexual identity or marital status. We live inclusion and support flexible working.
Your contact
If you have any questions, please contact us at:
Attention! Please apply via the portal. Application documents received by post or by e-mail cannot be considered.