We are seeking a seasoned professional to lead our IT audit initiatives.
1. Develop and execute comprehensive audit plans using a risk-based approach, encompassing short-term, mid-term, and long-term strategies.
2. Conduct internal audits focused on tech areas within regulated and non-regulated entities, ensuring adherence to industry standards and regulatory requirements.
3. Coordinate audit requests, perform audit defense on external IT assessments, and provide strategic recommendations for improvement.
4. Report directly to management on audit results, identifying trends and areas for enhancement.
5. Collaborate with auditees to discuss mitigating measures and follow up on mitigation plans in a planned manner.
6. Ensure compliance with internal and external information security-related requirements, such as DORA, PCI-DSS, ISO 27001, or ISO 22301.
7. Additionally, you will plan and execute third- and partly fourth-party audits in the context of the Digital Operational Resilience Act (DORA).
8. Completed studies in either Computer Science, IT Security, Information Security, Cyber Security, IT Governance/Management, or a related discipline.
9. 5+ years of experience in auditing or consulting companies in regulated industries, ideally in the financial sector, focusing on IT/Tech.
10. Specialized knowledge in Access Controls, API and Web Service Security, Configuration Management, Cloud Security, Authentication and Authorization, Secure Communication, and Penetration Testing.
11. Best-practice experience in end-to-end IT audits, including scoping, fieldwork, reporting, and follow-up activities, following a risk-based auditing approach that includes control testing.
12. Experience with standards such as ISO 27001:2022, BSI C5, ITIL, and COBIT is advantageous.
13. You have excellent English language skills; German language skills are a big plus.
14. Certifications such as CISA, CISM, CRISC, CISSP, Azure AZ/DP, or AWS