Information Security Risk Manager

Job Description

As an Information Security Risk Manager, you will be part of a centralized information security governance team providing security risk management services across multiple Deutsche Telekom legal entities. The role focuses on operating and continuously improving the information security risk management framework, while supporting and enabling local risk managers through consultation, training, and professional use of GRC tools. You will contribute to transparent risk reporting, effective risk mitigation, and harmonized governance practices in a complex, multinational environment.

Your Tasks

• Operate and continuously improve the information security risk management process, methodologies, and related policies
• Ensure alignment with group-level security standards and governance requirements
• Support the integration of risk management into business and IT processes

• Act as a trusted advisor for supported legal entities on information security risk topics
• Train and upskill local risk managers on risk processes, methods, and policies
• Provide hands-on guidance during risk identification, assessment, and treatment

• Support professional usage of the GRC platform by local risk managers
• Assist in risk creation, maintenance, and lifecycle management within the tool
• Collect user feedback and represent business needs toward process and tool improvements

• Identify, create, and manage information security risks in cooperation with stakeholders
• Monitor and support risk mitigation actions, including follow-up on progress and effectiveness
• Ensure risks are properly documented and audit-ready

• Prepare and maintain Top 10 risk reports, quarterly risk summaries, and ad-hoc reports
• Define, monitor, and analyze risk KPIs and metrics
• Provide management with insights on risk trends and improvement areas

Qualifications

• Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, Business Informatics, or a related field
• High-level English language knowledge (spoken and written)
• At least mid-level German language proficiency

• 3–7+ years of experience in Information Security / Cybersecurity / Risk Management / GRC roles
• Experience in large enterprise or multinational environments

• Strong understanding of information security risk management frameworks (e.g. ISO 27005, NIST RMF)
• Knowledge of information security standards (e.g. ISO 27001, NIST, CIS)
• Ability to apply security governance principles in practical, business-aligned ways

• Strong communication and stakeholder management skills
• Ability to explain security and risk topics in business-friendly language
• Structured, proactive, and solution-oriented mindset

Additional Information

• Experience in training, coaching, or enablement activities
• Experience working in a shared service or internal consulting model is an advantage
• CRISC, CISM, CISSP
• COBIT, ITIL or similar governance-related certifications
• Hands-on experience with GRC tools (e.g. ServiceNow, Archer, OneTrust, or similar)

*Please be informed that our remote working possibility is only available within Hungary due to European taxation regulation.

* Please be informed that our remote working possibility is only available within Hungary due to European taxation regulation.