Information Security Compliance Product Owner
Job description
Liebherr IT Shared Service Centre Ibérica, S.L. is seeking an Information Security Compliance Product Owner in Madrid. This role is integral to establishing security compliance and certification capabilities, ensuring all regulatory requirements are met.
- Define and own the Compliance Product scope and roadmap.
- Maintain an inventory of applicable cybersecurity regulations.
- Govern documentation for ISO/IEC 27001 certification activities.
- Support compliance assessments from customers.
Skills
Information Security Compliance IT Security Regulatory Compliance Stakeholder Management Governance
The Information Security Compliance Product Owner owns the Information Security Compliance Product within the Information Security Governance, Risk and Compliance (GRC) portfolio and is accountable for ensuring that regulatory, contractual, and certification requirements related to information and cybersecurity are identified, assessed, and integrated into the organization's Information Security Framework (ISF).
This role combines product ownership, project delivery and service execution, working closely with internal and external stakeholders.
The working location for this position will be in Madrid city where we are currently setting up a new office. We operate a hybrid model, requiring at least 40% of the working time on-site.
Creating passion: your responsibilities
- Compliance Product Ownership & ISF Alignment: Define and own the Compliance Product scope, roadmap, operating model, and KPIs aligned with CIS and GRC strategy. Ensure continuous alignment of ISF components (policies, standards, procedures, control baselines) with regulatory, contractual, and certification requirements.
- Regulatory Compliance: Maintain a centralized inventory of applicable information and cybersecurity regulations (NIS2, GDPR, CRA, EU AI Act, defense-related obligations). Perform regulatory applicability assessments and structured compliance gap analyses. Define, track, and report remediation plans for identified compliance gaps. Monitor regulatory changes and ensure timely updates to the ISF.
- Security Standards Compliance and Certification (ISO/IEC 27001): Govern ISMS and CSMS documentation, readiness, and support in company certification activities, including maintaining required evidence and ensuring delivery during internal and external audits. Track audit findings and corrective actions to closure for areas of responsibility.
- Customer & Stakeholder Assurance: Support with answering compliance and security assessments from customers, contract security clause reviews, and customer audits. Act as the primary compliance point of contact for CIS product and services teams towards IT, Product Security, Legal, and business stakeholders. Report compliance status, certification progress, risks, and KPIs to leadership.
Requirements
The ideal candidate will have a strong background in information security, excellent stakeholder management skills, and significant experience with ISO/IEC 27001. Benefits include a competitive compensation package and a flexible working model.
- 5+ years of experience in information security or IT security roles.
- Certifications such as CISSP, CISM, or CRISC are valued.
- Hands-on experience with ISO/IEC 27001 certification.
- Strong knowledge of global cybersecurity regulations.
Bachelor's or Master's degree in Cybersecurity or Computer Science
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field.
- 5+ years of working experience in information security, IT Security, compliance or related roles (Information Security Compliance Manager, Information Security Officer, etc).
- Certifications such as CISSP, CISM, CRISC are a plus.
- Hands-on or governance experience with ISO/IEC 27001 certification programs.
- Strong understanding of global cybersecurity regulations (NIS2, GDPR, CRA).
- Experience coordinating audits, regulatory assessments, or certification activities.
- Familiarity with NIST CSF, ISO/IEC 27001, and IEC 62443 governance concepts.
- Demonstrated ability to manage stakeholders across IT, OT, engineering, and business management in complex environments.
- Excellent written and verbal communication skills in English and German is a plus.
- Willingness and ability to travel to Liebherr sites worldwide up to 10% of the time.
Benefits & conditions
Competitive compensation, flexible and hybrid working model, continuous learning opportunities, meal vouchers, life and accident insurance, premium private health insurance option.
- Competitive compensation and benefits package that recognizes your expertise.
- Flexible and hybrid working model.
- Creative freedom and responsibility to shape processes and solutions in our global transformation.
- Continuous learning and development with tailored training and certification opportunities.
- Meal vouchers.
- Life and accident insurance.
- Option to include a premium private health insurance package as part of the flexible remuneration.
- A safe, stable and international workplace within a trusted family business that invests in people.