Internal Auditor (m/f/d)

CMS

Frankfurt

Description

We are looking for an Internal Cyber Security Auditor (m/f/d) to join our central team at CMS Legal Services.

In the context of growing cyber threats and demanding regulations, the CMS aims to guarantee a consistent level of security across all its members, while respecting local specificities.

The Internal Cyber Security Auditor plays a key role in protecting information assets and ensuring compliance with standards applicable to all firms based on CIS (CMS Security Framework).

The role can be based either in Warsaw or Frankfurt.

Responsibilities

  • Organize and monitor the completion of various audits (technical and non-technical audits, pentests). The auditor will be supported by a dedicated project manager for planning and monitoring the various stages. He or she will ensure the centralization and standardization of audit procedures while taking local constraints into account
  • Non-technical audits on CIS controls:
  • Conduct audits on the organizational and procedural aspects of the CMS Security Framework: security policies, staff awareness, incident management, security governance, etc.
  • Formulation of customized recommendations: Write clear, accurate, and actionable audit reports, including implementation recommendations tailored to the specific contexts of each firm, taking into account their maturity, constraints, and regulatory environment
  • GRC tool: Ensure the entry, monitoring, and updating of audit results, action plans, and monitoring indicators in the GRC tool. Ensure the quality, completeness, and updating of data
  • Communication and support: Be the primary point of contact for member firms for any questions related to audits and recommendations

Required profile

  • Proficiency in CIS Controls and cybersecurity best practices; proven experience in security audits (organizational and technical audit coordination); knowledge of GRC tools, ideally Onetrust
  • Solid experience in information system security auditing, attested by a European-recognized certification or accreditation, such as ISO/IEC 27001 Lead Auditor or ECSA (European Certified Security Auditor)
  • Ability to manage multiple audits simultaneously, prioritise and plan on an international scale; rigor, autonomy, sense of anticipation
  • Experience in cybersecurity and security auditing; experience in an international or multi-site context highly appreciated.
  • Master's degree in information systems security, computer science, or equivalent; certifications appreciated (CISSP, CISA, ISO 27001 Lead Auditor, ECSA, etc.)
  • Fluent written and spoken English skills, Spanish skills recommended and additional languages skills an advantage
  • Excellent diplomatic skills and outstanding communication skills at all levels
  • Team worker with good time-management capability
  • Hands on mentality with careful planning skills and process orientation
  • Proven ability to meet deadlines and deliver projects on time
  • Strong working knowledge of Microsoft Office (Word, Excel, PowerPoint, Outlook)

How to apply

If you are interested in this position, please use "easy apply" or send an email to [email protected]; please include your CV and a brief motivation letter.