Information Security Risk Manager (f/m/d)

Iași, Iași, Romania; Madrid, Madrid, Spain; Milano, Milan, Italy; Warsaw, Masovian Voivodeship, Poland

Purpose of Position

To lead and mature Awin’s global Information Security Risk Management capability by ensuring the business understands, owns, and appropriately mitigates its information security risks. This role drives structured risk identification, assessment, and reporting processes, ensuring alignment with international frameworks and regulatory requirements. Acting as a senior advisor to the organisation and the board, the role ensures risk appetite is defined, monitored, and communicated, while highlighting control weaknesses and driving accountability for effective risk treatment across the enterprise.

Core Responsibilities

  • Own, develop, and continuously improve Awin’s global information security risk management framework, ensuring alignment with ISO 27001 and regulatory requirements.
  • Lead enterprise-level risk identification and assessment processes, covering strategic initiatives, projects, technologies, and third-party engagements.
  • Ensure risks are prioritised and quantified in business terms (e.g., impact on revenue, reputation, compliance), enabling clear decision-making.
  • Work with executive leadership and the board to define, review, and communicate the organisation’s risk appetite and tolerance levels.
  • Provide clear and actionable risk insights to governance committees, senior management, and the board.
  • Monitor the effectiveness of internal controls and highlight deficiencies or failures that expose the business to risk.
  • Recommend and track remediation or compensating controls, ensuring accountability across risk owners.
  • Own the Information Security Risk Registers, ensuring risks are accurately recorded, updated, and tracked to closure.
  • Facilitate regular reviews with risk owners to validate status, treatment plans, and residual risk.
  • Embed risk management practices into strategic and operational decision-making, ensuring risks are considered early in the business lifecycle.
  • Act as the bridge between technical teams, business stakeholders, and governance bodies to ensure risks are clearly articulated and understood.
  • Stay informed on regulatory changes, emerging threats, and industry best practices, translating them into risk implications for the business so that the risk posture evolves with the external environment.

Additional GRC Activities

  • Mentor and develop GRC team members to build expertise in risk management and assurance.
  • Establish KPIs and dashboards to measure and report on risk posture, risk treatment progress, and control effectiveness.
  • Represent risk management interests in cross-functional and enterprise-level initiatives.

Professional experience and skills:

  • 5+ years of experience in an Information Security or IT Risk/Compliance role within a GRC function.
  • 2+ years of experience as a lead or senior GRC professional.
  • Proven experience working within an ISMS environment certified to ISO 27001.
  • Strong experience conducting and presenting security risk assessments to senior leadership and boards.
  • Solid understanding of security frameworks, standards and regulations: ISO 27001, NIST CSF, CIS Controls, GDPR.
  • Demonstrated success in designing or overseeing internal control frameworks (e.g. ISO 27001, NIST CSF).
  • Excellent written communication and documentation skills.
  • Strong attention to detail with a methodical and analytical mindset.
  • Strong stakeholder management skills with the ability to engage and influence at senior levels (up to board/C-level).
  • Ability to collaborate across departments and build stakeholder trust.
  • Proactive and adaptable; comfortable working in a fast-paced, changing environment.
  • Demonstrates a project-oriented mindset with the ability to prioritise and manage competing tasks.
  • Bachelor’s degree in Information Security, Cybersecurity, Business, or a related field.
  • Certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
  • Experience with OneTrust, Hyperproof or other GRC platforms.
  • Familiarity with Confluence, Jira, Asana, Teams, Slack and similar collaboration tools.
  • Knowledge of core IT infrastructure, identity and access management, network security principles, and cloud environments (e.g. AWS, Azure, GCP), viewed from a governance and risk perspective, is desirable.

Our Offer

  • Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves.
  • Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions.
  • Health & Well Being: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical well-being.
  • Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
  • Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
  • Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
  • We are hiring in multiple countries; additional benefits in terms of health, well-being, security and more will be discussed at the initial interview with the talent team.

Established in 2000, Awin is proud of our dynamic, social and inclusive culture.

Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities.

Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships is diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.

Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.