Welcome to the team:
Senior Cyber Hygiene Governance/ Engineer Operations (m/f/diverse)

  • Function: Information Technology
  • Location: Frankfurt am Main
  • Job type: Permanent / Full time / Part time
  • First working day: 8 / 22 / 2026
  • Application deadline: 6 / 23 / 2026

The Senior Cyber Hygiene Governance role holds overall subject-matter responsibility for the cyber hygiene governance framework, with a strong focus on audit and evidencing requirements. The role ensures that cyber hygiene controls (Govern/Identify/Protect) are clearly defined, consistently implemented, effectively monitored and audit-ready. It acts as the central interface for internal and external audits as well as supervisory reviews in the context of cyber hygiene.

Your tasks

Governance Framework & Policies

  • Design, maintain and continuously improve the cyber hygiene governance framework (policies, standards, SLAs, RACI, exception and risk acceptance processes)
  • Ensure that cyber hygiene requirements are clear, consistent and operationally implementable (especially for vulnerability, patch and baseline configuration management)

Regulatory Requirements & Compliance

  • Translate regulatory and 2nd Line of Defense requirements (e.g. DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks) into concrete cyber hygiene controls and control objectives
  • Regularly assess the effectiveness of implemented controls, identify control gaps and drive remediation measures

Audit Preparation and Support

  • Act as central point of contact for Internal Audit, external auditors and supervisory authorities on cyber hygiene topics
  • Plan, coordinate and support audits and reviews (incl. preparing stakeholders, providing evidence, creating overviews and mappings of controls)
  • Ensure audit-proof documentation of controls, roles, processes, decisions, exceptions and risk acceptance cases
  • Support definition, evaluation and follow-up of audit findings, management actions and remediation plans until closure

Reporting, KPIs & KRIs

  • Define, evolve and maintain KPIs, KRIs, scorecards and reporting models for cyber hygiene, including an audit and compliance perspective
  • Prepare executive-ready reports for CISO, Risk Management, Compliance, Internal Audit and steering committees

Interface to Security Problem Management

  • Ensure that structural insights from Security Problem Management (root causes, trend analyses, recurring weaknesses) are reflected in governance artefacts and control requirements
  • Support prioritisation of issues with high relevance for audits and regulatory compliance

Advisory, Training & Awareness

  • Advise business and IT stakeholders and senior management on cyber hygiene governance, controls and audit expectations
  • Develop and deliver guidelines, training and FAQs on governance and audit requirements related to cyber hygiene
  • Coach Junior and Regular Governance Specialists, especially on audit-ready documentation and interaction with auditors

Your profile

Professional Experience

  • Several years of experience in cyber security governance, IT risk management, internal/external audit or comparable roles in regulated industries (ideally financial services / critical infrastructure)

Technical & Domain Knowledge

  • Deep knowledge of relevant security frameworks and regulatory requirements (e.g. ISO 27001/2, DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks)
  • Strong understanding of cyber hygiene controls (vulnerability, patch and configuration management) and how to evidence them to auditors and regulators
  • Experience in control design and assessment (design & operating effectiveness) and in deriving remediation measures from audit findings
  • Experience with defining and using KPIs/KRIs for governance and audit-related reporting

Methodological & Personal Skills

  • Strong strategic, conceptual and systemic thinking with a focus on traceability, auditability and sustainability of solutions
  • Excellent communication, facilitation and stakeholder management skills – especially in dealing with Audit, supervisory bodies, CISO, Risk Management and IT
  • High resilience and professionalism in critical audit and escalation situations

Languages & Certifications

  • Excellent English skills (written and spoken); German is a strong plus
  • Relevant certifications are an advantage (e.g. ISO 27001 Lead Implementer/Lead Auditor, CISM, CRISC, CISA)

Our Benefits

  • 30 days of vacation
  • Flexible work
  • Employee conditions
  • Professional training & development
  • Capital-forming benefits
  • Friendly work environment
  • Diverse tasks
  • Work-life balance

The company

Commerzbank is the leading bank for the Mittelstand and with a comprehensive portfolio of financial services a strong partner for corporate client groups and private and small-business customers in Germany. We are a bank that is characterized by a fair and cooperative relationship with one another and with our customers.

We appreciate working in inspiring teams of people who bring diverse backgrounds. We offer a creative environment and excellent career development opportunities. Work-life balance is very important to us. And of course, we know that a good job also includes an attractive salary.

Contact

Would you like to become a member of a strong and dedicated team? If so, please submit your application online. If you have any further enquiries about this role, please contact Linh Jasmin Vo +49 69 935349407 or email her at linhjasmin.vo@commerzbank.com.