Senior Manager IT Audit (m/f/d)
Europe multi-location, NW, DE, 33415
Bertelsmann
We are looking for a
Senior Manager IT Audit (m/f/d)
(unlimited, full-time) Join our team at our locations in Berlin, Verl, and Amsterdam – flexible working conditions available
What you bring to this position
- Completed studies in either Computer Science, IT Security, Information Security, Cyber Security, IT Governance/Management, or a related discipline.
- 5+ years of experience in auditing or consulting companies in regulated industries, ideally in the financial sector, focusing on IT/Tech.
- Specialized knowledge in Access Controls, API and Web Service Security, Configuration Management, Cloud Security, Authentication and Authorization, Secure Communication, and Penetration Testing.
- Best-practice experience in end-to-end IT audits, including scoping, fieldwork, reporting, and follow-up activities, following a risk-based auditing approach, including control testing.
- Experience with standards such as ISO 27001:2022, BSI C5, ITIL, and COBIT is advantageous.
- You have excellent English language skills; German language skills are a big plus.
- Certifications such as CISA, CISM, CRISC, CISSP, Azure AZ/DP, or AWS “Certified” are highly advantageous.
- You are willing to travel nationally and internationally (up to 20%) when needed, while 80% working from home is possible.
What will be your challenge?
- Plan audits using a short-term, mid-term, and long-term risk-based approach.
- Conduct internal audits focused on tech areas within the regulated and non-regulated entities of Riverty.
- Coordinate audit requests and perform audit defense on external IT assessments in the second line of defense.
- Report directly to management about audit results and consolidate results to show trends to management.
- Discuss mitigating measures with the auditees and follow up on the mitigation plans in a planned manner.
- Ensure compliance with internal and external information security-related requirements, such as DORA, PCI-DSS, ISO 27001, or ISO 22301.
- Additionally, you will plan and execute third- and partly fourth-party audits in the context of the Digital Operational Resilience Act (DORA).
Perks/benefits: Flex hours