IT & Information Security Risk and Compliance Expert (m/f/d)

Company Description

METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.

Job Description

The purpose of a role is:

..to proactively identify, assess, and manage IT and information security risks within METRO AG and its entities, which includes developing risk management strategies, guidelines, and frameworks.

Your tasks:

• Conduct comprehensive IT and information security risk assessments to identify potential vulnerabilities and threats.
• Contribute to develop and maintain risk management frameworks, guidelines, and standard operating procedures.
• Support the Chief Information Security Officer (CISO) and Business Information Security Officers (BISOs) to integrate IT risk management into the broader information security strategy.
• Monitor and follow-up on risk mitigation efforts & providing guidance and support to METRO entities in implementing effective IT/OT and cyber risk management practices.
• Prepare and deliver risk-related reports and updates.

Qualifications

• Relevant Master’s degree in Computer Science, Information Security, or a related field
• Minimum of 3 years of experience in cyber security
• In-depth knowledge of risk management, compliance, and associated frameworks
• Familiarity with common information security standards (e.g., ISO 27001, NIST)
• Advanced skills in building detailed and actionable reports
• Proven project management abilities, ensuring projects are delivered on time and within budget
• Effective stakeholder management with strong communication and coordination skills in complex organizational environments
• Broad knowledge and overview of security architectures and security systems in IT and OT environments
• Fluent English skills

Additional Information

What we offer:

• Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager, 30 days of holidays.
• Training: A comprehensive training offer via our own training center or externally.
• Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program. 
• Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
• Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
• Comfort: Good transport connections, free parking spaces, JobBike. 
• Company pension plan: You will receive a contribution to your company pension. 
• Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.