We are looking for a Senior Manager IT Audit (m/f/d)
(unlimited, full-time)

Join our team at our locations in Berlin, Verl, and Amsterdam – flexible working conditions available

What you bring to this position

- Completed studies in either Computer Science, IT Security, Information Security, Cyber Security, IT Governance/Management, or a related discipline.
- 5+ years of experience in auditing or consulting companies in regulated industries, ideally in the financial sector, focusing on IT/Tech.
- Specialized knowledge in Access Controls, API and Web Service Security, Configuration Management, Cloud Security, Authentication and Authorization, Secure Communication, and Penetration Testing.
- Best-practice experience in end-to-end IT audits, including scoping, fieldwork, reporting, and follow-up activities, following a risk-based audit approach, including control testing.
- Experience with standards such as ISO 27001:2022, BSI C5, ITIL, and COBIT is advantageous.
- You have excellent English language skills; German language skills are a big plus.
- Certifications such as CISA, CISM, CRISC, CISSP, Azure AZ/DP, or AWS “Certified” are highly advantageous.
- You are willing to travel nationally and internationally (up to 20%) when needed, while 80% working from home is possible.

What will be your challenge?

- Plan audits using a short-term, mid-term, and long-term risk-based approach.
- Conduct internal audits focused on tech areas within the regulated and non-regulated entities of Riverty.
- Coordinate audit requests and perform audit defense on external IT assessments in the second line of defense.
- Report directly to management about audit results and consolidate results to show trends to management.
- Discuss mitigating measures with the auditees and follow up on the mitigation plans in a planned manner.
- Ensure compliance with internal and external information security-related requirements, such as DORA, PCI-DSS, ISO 27001, or ISO 22301.
- Additionally, you will plan and execute third- and partly fourth-party audits in the context of the Digital Operational Resilience Act (DORA).