We are looking for a
Senior Manager IT Audit (m/f/d)
(unlimited, full-time) Join our team at our locations in Berlin, Verl, and Amsterdam – flexible working conditions available
What you bring to this position
* Completed studies in either Computer Science, IT Security, Information Security, Cyber Security, IT Governance/Management, or a related discipline.
* 5+ years of experience in auditing or consulting companies in regulated industries, ideally in the financial sector, focusing on IT/Tech.
* Specialized knowledge in Access Controls, API and Web Service Security, Configuration Management, Cloud Security, Authentication and Authorization, Secure Communication, and Penetration Testing.
* Best practices experience in end-to-end IT audits, including scoping, fieldwork, reporting, and follow-up activities, following a risk-based auditing, including control testing.
* Experience with standards such as ISO 27001:2022, BSI C5, ITIL, and COBIT is advantageous.
* You have excellent English language skills; German language skills are a big plus.
* Certifications such as CISA, CISM, CRISC, CISSP, Azure AZ/DP, or AWS “Certified” are highly advantageous.
* You are willing to travel nationally and internationally (up to 20%) when needed, while 80% working from home is possible.
What will be your challenge?
* Plan audits on a short-term, mid-term, and long-term risk-based approach.
* Conduct internal audits focused on tech areas within the regulated and non-regulated entities of Riverty.
* Coordinate audit requests and perform audit defense on external IT assessments in the second line of defense.
* Report directly to management about audit results and consolidate results to show trends to management.
* Discuss mitigating measures with the auditees and follow up on the mitigation plans in a planned manner.
* Ensure compliance with internal and external information security-related requirements, such as DORA, PCI-DSS, ISO 27001, or ISO 22301.
* Additionally, you will plan and execute third—and partly fourth-party audits in the context of the Digital Operational Resilience Act (DORA).