Requirements

Operating system

Windows

Our requirements

• You are fluent in English on a business level (C1)
• You have good communication skills in German (minimum B1 level)
• You are trained or have developed yourself into an Auditor or Senior Auditor for information security or IT/cybersecurity
• You have at least 4–5 years of experience in similar audit roles within international organizations
• You have hands-on experience with auditing of either ISO 2700x standards, BSI Grundschutz, SOC 2 Type II, or similar standards covering information security and information security management
• You are experienced in audit planning, including scope definition, method selection, guidance of the auditees through the audit process, and realistic estimation of time and efforts
• You are familiar with risk management terminology and methodologies
• You demonstrate strong analytical thinking, self-motivation, and a structured, results-oriented approach to your work
• You uphold the highest ethical standards in auditing, ensuring objectivity, confidentiality, and independence at every stage of the process
• You hold a university degree or formal education in informatics, business informatics, IT security, or a similar field

Optional

• Certifications concerning information security auditing are a plus

Your responsibilities

• You plan audits by analyzing Information Security Standards, such as ISO 27001:2022, and define audit scopes within your area of expertise
• You create and maintain structured audit catalogues tailored to the identified scope
• You draft audit plans for your assigned audit areas
• You perform audits in line with the approved audit plan, covering both internal processes and assets as well as audits of external service providers
• You assess a broad range of audit topics, including IT systems, infrastructure and processes, information security management processes, and on-premise or virtual audits of physical security
• You document findings clearly and thoroughly to enable process and asset owners to identify and develop mitigation measures and implementation plans
• You contribute to the risk register through the clear classification and documentation of audit findings and collaborate with IT compliance and risk stakeholders
• You report audit results to the CTO
• You are involved in certification audits
• You support client assessments by providing information or take part in client meetings