Information Security Risk Manager (f/m/d)

Awin is a company established in 2000, part of the Axel Springer group, with a dynamic, social, and inclusive culture. The company operates globally with offices in multiple European cities including Berlin, Munich, Madrid, Warsaw, London, Milan, Iași, Stockholm, and Paris.

• Proven track record of owning and delivering risk management initiatives end-to-end.
• Experience driving risk remediation across teams without direct authority.
• Strong experience presenting and defending risk positions to senior leadership and boards.
• Hands-on experience within an ISO 27001-certified ISMS environment.
• Strong knowledge of frameworks such as ISO 27001.
• Experience designing, implementing, or improving control frameworks.
• Experience with GRC platforms (e.g., Hyperproof).
• Confident communicator with very good English skills, able to build relationships and challenge/influence senior stakeholders.

• Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties.
• Ensure risks are prioritised and clearly articulated in business terms to enable effective decision-making.
• Drive risk remediation to closure, holding risk owners accountable and escalating where progress stalls.
• Ensure risk management is embedded in cross-functional initiatives and considered in key business decisions.
• Own and maintain the Information Security Risk Register, ensuring it reflects true risk exposure, progress, and outcomes.
• Facilitate risk reviews focused on decisions, accountability, and measurable progress.
• Define, embed, and maintain the organisation’s risk appetite, ensuring active use in business and technology decision-making.
• Establish and track KPIs measuring real improvements in risk posture.
• Provide clear, opinionated, and actionable risk insights to senior management and the board.
• Act as a bridge between technical and business teams to ensure risks are understood and acted upon.
• Challenge and influence stakeholders to ensure risks are neither understated nor inappropriately accepted.
• Own and continuously improve Awin’s global information security risk management framework aligned to ISO 27001 and regulatory requirements.
• Monitor control effectiveness, proactively identify weaknesses, and drive improvements.
• Embed risk management into business processes to consider risks early and proactively.
• Mentor and develop GRC team members, building capability in risk management and assurance.
• Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions.