What we achieve together

In your role as Senior Project Manager (m/f/d) Information Security & Regulatory Compliance, you will assume central responsibility for the cyber, product, and production security of our company. You ensure that regulatory requirements – particularly those defined by the Cyber Resilience Act (CRA) and NIS2 – are translated into robust, practical processes and technical measures that sustainably protect our production environments, connected devices, and IT/OT infrastructures.

• End‑to‑end responsibility for the current implementation of the Cyber Resilience Act (CRA) across the entire company
• Translation of regulatory requirements into practical roadmaps, security processes, policies, and control mechanisms
• Coordination of all relevant departments, including Cybersecurity, IT Architecture, Product Development, Compliance, Legal, and Quality Management
• Development and management of roadmaps, implementation paths, and maturity concepts, considering technical and organizational dependencies
• Execution of gap analyses, risk assessments, and conformity evaluations, including derivation of measures and risk‑based prioritization
• Regulatory monitoring: evaluation of new requirements and their impact on systems, processes, and products
• Representation of the company towards authorities, auditors, and certification bodies, including preparation for audits
• Transparent communication of the status quo to senior management, project committees, and technical stakeholders
• Key role within the Group Information Security Office under the CISO, contributing to the overall security posture of the entire corporate group

What makes us successful together

• A completed degree (Bachelor or Master) in IT, Business Informatics, Cybersecurity, Engineering, or a comparable qualification – ideally with additional training or certifications in information security
• Solid/multi‑year professional experience in information security and its regulatory environment
• Additional experience in project management and international environments, with project sizes of more than 10 people and budget responsibility, as well as experience in IT and cyber security (including CRA, NIS2, NIST CSF, ISO 27001, IEC 62443)
• Strong understanding of product and OT security (embedded systems, firmware, software, mobile apps)
• The ability to translate complex regulatory requirements into pragmatic technical measures
• Working style & language: reliable, precise, independent, and goal‑oriented way of working, as well as appropriate communication in fluent English and German, paired with intercultural competence

What you can count on

• Hybrid Work: We offer our employees the opportunity to work on a hybrid basis. There is also the option to temporarily work from a country within the European Union
• You will work in a fast growing, agile and very dynamic team that challenges established routines and helps transforming the Vaillant Group to a data informed business
• Buy vacation days: Whether you need a longer break for a vacation, more time with your family or simply a break from your daily work routine - purchasing additional vacation days gives you the chance to take an extended break