Job Description The purpose of a role is: to proactively identify, assess, and manage IT and information security risks within METRO AG and its entities, which includes developing risk management strategies, guidelines, and frameworks. Your tasks: Conduct comprehensive IT and information security risk assessments to identify potential vulnerabilities and threats. Contribute to develop and maintain risk management frameworks, guidelines, and standard operating procedures. Support the Chief Information Security Officer (CISO) and Business Information Security Officers (BISOs) to integrate IT risk management into the broader information security strategy. Monitor and follow-up on risk mitigation efforts & providing guidance and support to METRO entities in implementing effective IT/OT and cyber risk management practices. Prepare and deliver risk-related reports and updates.