Job
- Level
- Senior
- Job Field
- IT, Security
- Employment Type
- Part Time/Full Time
- Contract Type
- Permanent employment
- Location
- Frankfurt
- Working Model
- Hybrid, Onsite
Job Summary
In this role, you will develop a comprehensive Cyber Hygiene Governance framework, coordinate audits, document processes, and design measures to enhance Cyber Hygiene controls.
Your role in the team
- As a Senior Cyber Hygiene Governance, you bear overall professional responsibility for the Cyber Hygiene Governance Framework with a strong focus on audit and compliance obligations.
- You ensure that cyber hygiene controls (Govern / Identify / Protect) are clearly defined, consistently implemented, effectively monitored, and documented in an auditable manner.
- Additionally, you act as the central interface for internal and external audits as well as for regulatory inspections in the context of cyber hygiene.
- Design, maintenance, and continuous development of the Cyber Hygiene Governance Framework (policies, standards, SLAs, RACI, processes for exceptions and risk acceptance).
- Ensure that cyber hygiene requirements are clear, consistent, and operationally implementable - particularly in the areas of vulnerability, patch, and baseline/configuration management.
- Translation of regulatory and 2nd Line of Defense requirements (e.g., DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks) into concrete cyber hygiene controls and control objectives.
- Regular assessment of the effectiveness of implemented controls, identification of gaps, and management of the derivation and implementation of improvement measures.
- Central contact person for internal audit, external auditors, and regulatory authorities on cyber hygiene topics.
- Planning, coordination, and professional support of audits and reviews (including preparation of the departments, provision of evidence, creation of overviews, and control mappings).
- Ensuring an audit-proof documentation of controls, roles, processes, decisions, exceptions, and risk acceptance cases.
- Support in defining, assessing, and tracking audit findings, management actions, and remediation plans through to completion.
- Definition, further development, and maintenance of KPIs, KRIs, scorecards, and reporting models for cyber hygiene - including an audit and compliance perspective.
- Preparation of management- and audit-ready reports for CISO, Risk Management, Compliance, Internal Audit, and Steering Committees.
- Ensure that structural insights from Security Problem Management (Root Causes, Trend Analyses, Recurring Weaknesses) are incorporated into governance artifacts and control requirements.
- Support in prioritizing topics of high relevance for audits and regulatory compliance.
- Consulting business and IT stakeholders as well as management on cyber hygiene governance, controls, and audit expectations.
- Development and implementation of guidelines, training, and FAQs on governance and audit requirements in the field of cyber hygiene.
- Coaching of Junior and Regular Governance Specialists, particularly on audit-ready documentation and dealing with auditors.
Our expectations of you
Qualifications
- In-depth knowledge of relevant security frameworks and regulatory requirements (e.g., ISO 27001/2, DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks).
- Very good understanding of cyber hygiene controls (vulnerability, patch, and configuration management) and their documentation for auditors and regulatory authorities.
- Strong strategic, conceptual, and systemic thinking with a focus on traceability, auditability, and sustainability of solutions.
- Excellent skills in communication, moderation, and stakeholder management - especially in dealing with audit, supervision, the CISO organization, risk management, and IT.
- High resilience and professionalism in critical review and escalation situations.
- Excellent spoken and written English skills; German language skills are a significant plus.
- Relevant certifications are an advantage, e.g., ISO 27001 Lead Implementer/Lead Auditor, CISM, CRISC, CISA.
Experience
- Several years of professional experience in Cyber Security Governance, IT Risk Management, internal/external audit, or comparable roles in regulated industries (ideally: financial services / critical infrastructures).
- Experience in designing and assessing controls (Control Design & Operating Effectiveness) as well as deriving remediation measures from audit findings.
- Experience in defining and utilizing KPIs/KRIs for governance and audit reporting.
What we offer
- 30 days of vacation.
- Flexible working.
- Professional Training & Development.
- Asset-building benefits.
- Friendly working environment.
- Diverse tasks.
- Work-Life Balance.
This is your employer
Commerzbank AG
Commerzbank is an internationally-operating commercial bank with locations in nearly 50 countries and 49,000 employees. It offers a comprehensive range of financial services to private, business, and corporate customers. Commerzbank is a reliable and trusted source for all your banking needs.
Description
- Company Size
- 250+ Employees
- Company Type
- Established Company
- Working Model
- Full Remote, Hybrid, Onsite
- Industry
- Banking, Finance, Insurance