Welcome to the team: ICT-Auditor for 2nd Line of Defence (m/f/diverse)

Function: Audit / Compliance / Legal
Location: Praha
Group Risk Management – Cyber Risk & Information Security (GRM-CRIS) is responsible for the group-wide management of cyber and information security risks. It ensures an adequate level of (cyber) security in Commerzbank through clearly defined roles and responsibilities within the security organization. GRM-CRIS serves as the "second line of defence" (2nd LoD) for information security. This involves setting relevant standards by establishing controls within guidelines and policies and checking for compliance. Additionally, GRM-CRIS reports on cyber and information security risks, accompanies the risk mitigation process, makes decisions, and escalates issues when necessary.
We are now establishing a new team in Prague and looking for ICT Auditors to support our 2nd LoD. As an ICT Auditor in GRM-CRIS, you will help strengthen our security by performing independent audits, identifying risks, and ensuring compliance with all legal, regulatory, and internal standards. Your knowledge of information security and IT risk management will ensure a resilient ICT environment aligned with regulatory (e.g. Digital Operational Resilience Act (DORA)) and internal standards.
Your tasks
- Participate in the audit team of the 2nd Line of Defence for ICT controls of Commerzbank in Group Risk Management – Cyber Risk & Information Security.
- Conduct independent audits of ICT-related matters, identify risks, assess their relevance and derive risk-mitigating measures. Ensure compliance with legal, regulatory, and internal requirements. Summarize your results clearly in audit reports for the responsible divisional head.
- Apply both agile and classic project management methods to execute audit assignments successfully. Depending on your experience, take on the role of auditor or audit lead within the team.
- Show strong initiative and contribute to a versatile, motivated team. Take responsibility for additional professional topics, further develop audit approaches, or drive topics such as data analysis and continuous auditing.
Your profile
- Completed degree with a focus on computer science or business informatics, or completed vocational training in the IT field or commercial, business or technical training.
- Understanding of internal banking, legal, and regulatory requirements (e.g., MaRisk, IT Security Act, BAIT, NIST, DORA, ISO/IEC 27001) combined with relevant IT knowledge of banking systems in relation to information security.
- At least 2 years of experience conducting IT/ICT audits – alternatively, experience as an ISMS/ISO 27001 auditor.
- Experience with data analysis, agile working methods, project management skills, and bank-related digitalization processes.
- Additional qualifications (e.g., CISA, CISM, CISSP, ISO/IEC 27001 Lead Auditor) are a plus.
- Excellent written and spoken communication skills in English. German skills are an asset.
Our Benefits
30 days of vacation; Employer-funded pension; Flexible work; Employee conditions; Digital learning; Diversity; Family & job friendly; Friendly work environment; Inspiring company culture; Work-life balance
The company
In Commerzbank Digital Technology Centre Prague, we are transforming a traditional bank into a digital agile enterprise! We provide a wide range of IT solutions, .NET and Java development, and services in the area of application operation and infrastructure. As part of Commerzbank Group, we work closely with the Delivery Organisation of more than 50 different Clusters at our headquarters in Frankfurt and around the globe.
We are looking for thinkers with unconventional ideas, and in return we offer the freedom to create your own job with your own vision and a wide range of benefits, including home office. Sounds interesting?