Security Auditor (m/f/d)

Social network you want to login/join with:

Region: Cologne or Künzelsau (partly remote work possible)
Department: IT Security

The BERNER Group is a European trading company serving professionals in the mobility, construction, and industry sectors. We are a leading B2B specialist and an innovative manufacturer of chemical products. Our purpose is: “We are pushing the limits of the possible for the shapers of a better tomorrow.” Our strong brands—BERNER, BTI by BERNER, and CCS—help our customers keep their businesses successful and operational.

Responsibilities:

1. Conduct audits of security controls, risk management processes, and compliance within IT environments, ensuring adherence to relevant frameworks and standards.
2. Collaborate with internal teams to evaluate security practices and identify gaps or weaknesses.
3. Advise on remediation actions to address audit findings and enhance security posture.
4. Support preparation for external audits or regulatory reviews, ensuring complete and accurate compliance documentation.
5. Perform risk assessments and assist in developing risk mitigation strategies.
6. Ensure continuous improvement of internal audit processes and security compliance practices.
7. Communicate audit findings clearly to stakeholders, including senior management, providing recommendations for risk reduction and governance improvements.
8. Monitor and report on the effectiveness of security policies and controls, promoting adherence to industry best practices.

Minimum Qualifications:

1. Degree in IT Security, Information Systems, Business Administration, or a related field.
2. Strong knowledge of security frameworks such as NIS2, ISO 27001, NIST, SOC 2, and other relevant standards.
3. Extensive experience in conducting IT security audits, vulnerability assessments, and compliance reviews.
4. Ability to assess and audit security controls, risk management processes, and policies, identifying areas for improvement.
5. Technical expertise to evaluate complex technical systems, understanding both technical and operational aspects.
6. Fluency in English (spoken and written).
7. Strong analytical skills for evaluating security data and developing insights.
8. Excellent stakeholder management skills at all organizational levels.
9. Strong interpersonal skills to guide and influence change initiatives.

Additional Desired Qualifications:

• Broad experience across various security domains.
• Proven experience in auditing, governance, risk, and compliance (GRC), preferably with a Big Four or similar organization.
• German language skills are helpful but not required.

Benefits & Perks:

• Permanent contract.
• Partly remote work options.
• Structured onboarding process.
• Künzelsau: access to a canteen with freshly prepared dishes daily.
• Cologne: Pluxee food vouchers.
• Allowance for transportation costs.
• Bike leasing (JobRad).
• EGYM Wellpass with over 5,000 fitness and sports offers.
• Company pension scheme and employee purchase programs with attractive conditions.
• Various training and development opportunities within our future-oriented company.