Cyber Risk Manager
Key Responsibilities
Define and implement AI governance strategy, policies, and compliance frameworks across IT/OT environments.
Lead Governance, Risk, and Awareness initiatives, ensuring continuous audit readiness and automation of compliance processes (Compliance-as-Code).
Oversee cybersecurity awareness programs focused on NIS2 compliance, phishing resilience, Shadow AI risks, and prompt injection threats.
Collaborate with security and portfolio teams to ensure “Security by Design” principles are embedded into projects and investment decisions.
Manage technology risk acceptance processes and security policy exceptions within regulated pharmaceutical and manufacturing environments.
Identify and mitigate risks related to unauthorized AI usage and public AI tools in cooperation with Data Protection Officers (DPIA).
Supervise remediation of audit findings and report compliance, risk, and behavioral security metrics to executive leadership and Risk Committees.
Drive continuous adaptation of internal security policies to evolving regulatory requirements, including NIS2, ISO 27001, and the EU AI Act.
Requirements
Bachelor’s or Master’s degree in Cybersecurity, Risk Management, IT, or a related field.
7+ years of experience in Security Governance or Risk Management, including at least 3 years in a leadership role.
Strong knowledge of the EU AI Act, NIST AI Risk Management Framework, ISO/IEC 27001, and NIS2 requirements.
Practical experience building governance frameworks within regulated industries such as pharmaceutical or manufacturing environments.
Understanding of AI/LLM technologies and associated risks, including Shadow AI and prompt injection.
Experience managing awareness metrics, phishing simulation programs, and security governance KPIs.
Strong leadership skills with the ability to translate strategic objectives into operational execution across multidisciplinary teams.
Fluent English proficiency.
Nice to Have
Certifications such as CAIP, CIPP/E, CGEIT, or similar governance and AI-related credentials.
Experience in AI governance, enterprise risk management, or regulated OT environments.