Job description
Security Auditor (m/f/d)
Region: Cologne or Künzelsau (remote working partly possible)
Department: IT Security
The BERNER Group is a European trading company for professionals in the mobility, construction and industry sectors. We are the leading B2B specialist and an innovative manufacturer of chemical products. Our purpose is: “We are pushing the limits of the possible for the shapers of a better tomorrow.” This means that our strong brands BERNER, BTI by BERNER and CCS help our customers to keep their business successful and running.
- Conducting audits of security controls, risk management processes and compliance within IT environments, ensuring adherence to relevant frameworks and regulatory standards
- Collaborating with internal teams to evaluate security practices and identify gaps or weaknesses in controls
- Advising on remediation actions to address audit findings and improve the security posture
- Providing support in preparing for audits from external parties or regulatory bodies, ensuring compliance documentation is complete and accurate
- Performing risk assessments and assisting in the development of risk mitigation strategies
- Ensuring continuous improvement of internal audit processes and security compliance practices
- Communicating audit findings clearly to stakeholders, including senior management, and providing recommendations for risk reduction and improved governance
- Monitoring and reporting on the effectiveness of security policies and controls, helping to drive adherence to industry best practices
- Degree in IT Security, Information Systems, Business Administration or a similar field
- Strong knowledge of security frameworks and standards, such as NIS2, ISO 27001, NIST, SOC 2 and other relevant regulations and industry best practices
- Extensive experience in conducting IT security audits, vulnerability assessments and compliance reviews
- Ability to assess and audit security controls, risk management processes and policies, identifying areas for improvement and ensuring compliance with regulatory requirements
- Technical expertise to audit and assess complex technical systems, not just processes, ensuring a thorough understanding of both the technical and operational aspects of the systems being reviewed
- Fluency in English (both written and spoken)
- Strong analytical skills with the ability to evaluate complex security data and develop actionable insights
- Excellent stakeholder management skills, with the ability to work effectively with internal and external stakeholders at all levels, driving necessary changes in processes and systems
- Strong interpersonal skills to guide and influence change management initiatives within the organization
Additionally Desired Qualifications:
- Broad experience across various domains of security
- Proven experience in auditing and governance, risk and compliance (GRC), preferably with a background in a Big Four auditing firm or a similar organization
- German language skills helpful but not required
- Permanent contract
- Mobile work partly possible
- Structured onboarding
- State-of-the-art workplace
- Künzelsau: canteen with daily, freshly prepared dishes
- Cologne: Pluxee food vouchers
- Allowance for transportation costs
- Bike leasing (JobRad)
- EGYM Wellpass with more than 5,000 sport and fitness offers
- Company pension scheme and employee purchase with attractive conditions
- Many training and development opportunities within our future-oriented company