Information Security GRC Specialist (f/m/d)

Awin is part of the Axel Springer group, established in 2000, with a dynamic, social, and inclusive culture. The company operates globally with offices in multiple European cities and focuses on building the world's leading open partner ecosystem.

• Proven track record of owning and delivering risk management initiatives end-to-end.
• Experience driving risk remediation across teams without direct authority.
• Strong experience presenting and defending risk positions to senior leadership and boards.
• Hands-on experience within an ISO 27001-certified ISMS environment.
• Strong knowledge of frameworks such as ISO 27001.
• Experience designing, implementing, or improving control frameworks.
• Experience with GRC platforms (e.g., Hyperproof).
• Confident communicator with very good English skills, able to build relationships and challenge/influence senior stakeholders.

• Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties.
• Ensure risks are prioritised and clearly articulated in business terms to enable effective decision-making.
• Drive risk remediation to closure, holding risk owners accountable and escalating where progress stalls.
• Ensure risk management is embedded in cross-functional initiatives and key business decisions.
• Own and maintain the Information Security Risk Register, reflecting true risk exposure and progress.
• Facilitate risk reviews focused on decisions, accountability, and measurable progress.
• Define, embed, and maintain the organisation’s risk appetite for business and technology decision-making.
• Establish and track KPIs measuring real improvements in risk posture.
• Provide clear, actionable risk insights to senior management and the board.
• Act as a bridge between technical and business teams to ensure risks are understood and acted upon.
• Challenge and influence stakeholders to ensure risks are appropriately accepted.
• Own and improve Awin’s global information security risk management framework aligned to ISO 27001 and regulatory requirements.
• Monitor control effectiveness, identify weaknesses, and drive improvements.
• Embed risk management into business processes proactively.
• Mentor and develop GRC team members, building capability in risk management and assurance.
• Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions.