Information Security Assurance Expert (m/f/d)

Company Description

METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.

At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de.

Job Description

Purpose of the Role

To plan, execute, and support independent information security assurance activities, including internal audits, control assessments, and reviews of cybersecurity practices across METRO AG and its entities. This role ensures the effectiveness, adequacy, and compliance of security controls in accordance with internal policies, regulatory requirements, and best practices.

Key Responsibilities

• Plan and perform information security assurance activities, including internal security audits, ITGC assessments, and control reviews across IT and OT environments.
• Assess the design and operational effectiveness of security controls based on frameworks such as ISO/IEC 27001 and NIST.
• Identify and document control weaknesses, non-compliance issues, and risk exposures with actionable recommendations.
• Support internal and external audits.
• Collaborate with risk, compliance, and IT teams to track remediation of audit findings and ensure timely closure.
• Prepare clear, concise, and accurate reports on audit findings and assurance outcomes for senior stakeholders.
• Provide guidance to entities and departments in preparing for assurance assessments and building control maturity.
• Support the continuous improvement of the IS assurance program, methodology, and tooling (including automation where applicable).

Qualifications

• Master’s degree in information security, IT Audit, Computer Science, or a related field.
• Minimum 3 years of experience in cybersecurity auditing, ITGC assurance, or information security assessment.
• Professional certifications preferred (e.g. CISA, ISO 27001 Lead Auditor, CISSP).
• Solid understanding of cybersecurity controls, governance, and audit methodologies.
• Familiarity with regulatory and compliance requirements (e.g. ISO/IEC 27001, NIS 2, GDPR, AI Act).
• Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders.
• Experience working in complex, multinational environments is a plus.
• Fluent English required; additional languages are a plus.

Additional Information

• Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager, 30 days of holidays.
• Training: A comprehensive training offer via our own training center or externally.
• Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program. 
• Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
• Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
• Comfort: Good transport connections, free parking spaces, JobBike. 
• Company pension plan: You will receive a contribution to your company pension. 
• Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.