Security Risk Manager

The Position

We are looking for a Security Risk Manager based in Ingelheim to deliver the implementation of Enterprise Security Risk Management programmes, including EU resilience legislation (NIS2 and CER), and to strengthen our organization’s ability to manage disruption, protect critical services, and meet evolving regulatory expectations.

This position has a hybrid setup of approximately 3 days per week on site.

Tasks & responsibilities

  • In this role, you will support the delivery of enterprise security risk management (ESRM) across the organization, embedding a consistent, risk-based approach to identifying, assessing, and managing security risks to critical operations.
  • By translating regulatory requirements, you will turn frameworks such as NIS2, CER, and related standards into practical controls, governance structures, and ways of working that integrate into day-to-day operations.
  • Within your area of responsibility, you will assess risks across cyber, physical, operational, and third-party domains, ensuring a joined-up, enterprise-wide view of risks impacting critical services.
  • As part of the team, you will contribute to the design and implementation of security and resilience frameworks, including policies, standards, controls, and assurance processes that are practical and scalable.
  • With a focus on transparency, you will provide clear, actionable insight to senior stakeholders on risk exposure, compliance posture, and prioritized mitigation actions.
  • Working cross-functionally, you will embed security risk management into business operations, strengthening overall resilience and enabling risk-informed decision-making.

Requirements

  • Relevant qualifications in Security Management, Information Security, Risk Management, or equivalent hands-on experience. Additional qualifications in project management, auditing or related disciplines would be an advantage.
  • Proven experience delivering enterprise security risk management across physical, cyber, and operational domains in complex or regulated environments, including exposure to third-party / supply chain risk management and critical service dependencies.
  • Strong practical experience in risk assessment, control design, and implementation, with the ability to embed these into day-to-day operations, as well as capability in data, analytics, and dashboarding to support risk-based decision-making.
  • Experience translating regulatory and framework requirements (e.g. NIS2, CER, ISO, or similar) into actionable controls and governance.
  • Track record of delivering cross-functional risk or security initiatives, including audit support and assurance activities.
  • Strong stakeholder management skills, with the ability to influence, challenge, and communicate risk clearly at all organizational levels.
  • Experience driving change, transformation, or programme delivery in global organizations.

As part of our commitment to transparency and fairness, salary information will be shared during the recruitment process. We also offer a comprehensive benefits and wellbeing package.

Applications from persons with severe disabilities are warmly welcomed. In cases of equal qualifications, such applicants will be given preferential consideration in the selection process.

Ready to contact us? 

If you have any questions about the job posting or process, please contact our HR Direct Team, Tel: +49 (0) 6132 77-3330 or via email: hr.de@boehringer-ingelheim.com

Recruitment process:
Step 1: Online application - The job posting is expected to remain online until July 24th, 2026. We reserve the right to take the posting offline beforehand. Applications up to July 20th are guaranteed to be considered.
Step 2: Virtual meetings until the end of August.
Step 3: On-site interviews in mid-September.

Please submit your application documents in English.