Senior Manager IT Audit (m/f/d)

Social network you want to login/join with:

We are looking for a
Senior Manager IT Audit (

m/f/d)

(unlimited, full-time) Join our team at our locations in Berlin, Verl, and Amsterdam – flexible working conditions available

What you bring to this position

• Completed studies in either Computer Science, IT Security, Information Security, Cyber Security, IT Governance/Management, or a related discipline.
• 5+ years of experience in auditing or consulting companies in regulated industries, ideally in the financial sector, focusing on IT/Tech.
• Specialized knowledge in Access Controls, API and Web Service Security, Configuration Management, Cloud Security, Authentication and Authorization, Secure Communication, and Penetration Testing.
• Best practices experience in end-to-end IT audits, including scoping, fieldwork, reporting, and follow-up activities, following a risk-based auditing, including control testing.
• Experience with standards such as ISO 27001:2022, BSI C5, ITIL, and COBIT is advantageous.
• You have excellent English language skills; German language skills are a big plus.
• Certifications such as CISA, CISM, CRISC, CISSP, Azure AZ/DP, or AWS “Certified” are highly advantageous.
• You are willing to travel nationally and internationally (up to 20%) when needed, while 80% working from home is possible.

What will be your challenge?

• Plan audits on a short-term, mid-term, and long-term risk-based approach.
• Conduct internal audits focused on tech areas within the regulated and non-regulated entities of Riverty.
• Coordinate audit requests and perform audit defense on external IT assessments in the second line of defense.
• Report directly to management about audit results and consolidate results to show trends to management.
• Discuss mitigating measures with the auditees and follow up on the mitigation plans in a planned manner.
• Ensure compliance with internal and external information security-related requirements, such as DORA, PCI-DSS, ISO 27001, or ISO 22301.
• Additionally, you will plan and execute third—and partly fourth-party audits in the context of the Digital Operational Resilience Act (DORA).