Information Security Assurance Expert mfd

To plan, execute, and support independent information security assurance activities, including internal audits, control assessments, and reviews of cybersecurity practices across METRO AG and its entities. This role ensures the effectiveness, adequacy, and compliance of security controls in accordance with internal policies, regulatory requirements, and best practices.

1. Plan and perform information security assurance activities, including internal security audits, ITGC assessments, and control reviews across IT and OT environments.
2. Assess the design and operational effectiveness of security controls based on frameworks such as ISO / IEC 27001 and NIST.
3. Identify and document control weaknesses, noncompliance issues, and risk exposures with actionable recommendations.
4. Support internal and external audits.
5. Collaborate with risk, compliance, and IT teams to track remediation of audit findings and ensure timely closure.
6. Prepare clear, concise, and accurate reports on audit findings and assurance outcomes for senior stakeholders.
7. Provide guidance to entities and departments in preparing for assurance assessments and building control maturity.
8. Support the continuous improvement of the IS assurance program methodology and tooling, including automation where applicable.

• Master's degree in information security, IT Audit, Computer Science, or a related field.
• Minimum 3 years of experience in cybersecurity auditing, ITGC assurance, or information security assessment.
• Professional certifications preferred (e.g., CISA, ISO 27001 Lead Auditor, CISSP).
• Solid understanding of cybersecurity controls, governance, and audit methodologies.
• Familiarity with regulatory and compliance requirements (e.g., ISO / IEC 27001, NIS 2, GDPR, AI Act).
• Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders.
• Experience working in complex multinational environments is a plus.
• Fluent English required; additional languages are a plus.

• Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager; 30 days of holidays.
• Training: A comprehensive training offer via our own training center or externally.
• Wellbeing: Health days, health checks, company medical care, including preventive services such as flu shots, and employee assistance programs.
• Campus life: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals, and many campus events.
• Discounts: Discounted Jobticket, wholesale store discounts, and partner company offers.
• Comfort: Good transport connections, free parking, and JobBike.
• Company pension plan: Contributions to your pension.
• Family support: Three daycare centers on campus and support for holiday camps for employees' children.

Details to be specified.

Experience: 3+ years

1 position available