Information Security Assurance Expert

Job

  • Level
    Experienced
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Dusseldorf
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you assess the effectiveness and maturity of security controls, conduct independent security reviews, and provide clear recommendations for enhancing the organization's security posture.

    Your role in the team

    • To plan, execute, and support independent information security assurance activities across METRO AG and its operating entities.
    • The role provides structured, judgment-driven assessment of the effectiveness, maturity, and alignment of security controls against internal policies, regulatory requirements, and recognized frameworks - enabling informed risk decisions and continuous improvement of the organization's security posture.
    • Plan and perform information security assurance reviews, including control design and effectiveness assessments, thematic reviews, and targeted evaluations across IT and OT environments.
    • Assess the design adequacy and operational effectiveness of security controls based on frameworks such as ISO/IEC 27001, ISO/IEC 42001, the NIST Cybersecurity Framework, and the NIST AI Risk Management Framework.
    • Identify and document control gaps, non-conformities, and risk exposures with proportionate, actionable recommendations.
    • Provide subject-matter support to internal and external audit functions as required.
    • Collaborate with risk, compliance, and IT teams to track remediation of identified control gaps and ensure timely closure.
    • Prepare clear, concise, and well-evidenced assurance reports and recommendations for senior stakeholders.
    • Provide guidance to entities and departments in preparing for assurance assessments and building control maturity.
    • Support the continuous improvement of the IS assurance program, including methodology, tooling, and automation.

    This text has been machine translated.

    Our expectations of you

    Education

    • Master's degree in Information Security, Computer Science, or a related field.

    Qualifications

    • Professional certifications preferred (e.g., CISA, CRISC, ISO 27001 / 42001 Lead Auditor, ISO 27001 / 42001 Lead Implementer, CISSP).
    • Solid understanding of cybersecurity controls, governance frameworks, and assurance and assessment methodologies.
    • Familiarity with regulatory and compliance requirements (e.g., ISO/IEC 27001, NIS 2, GDPR, EU AI Act).
    • Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders.
    • Fluent English required; additional languages are a plus.

    Experience

    • Minimum 3 years of experience in cybersecurity assurance, control assessment, or information security governance.
    • Experience working in complex, multinational environments is a plus.

    What we offer

    • Flexible working hours in agreement with your line manager, 30 days of holidays.
    • A comprehensive training offer via our own training center or externally.
    • Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program.
    • Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
    • Discounted job ticket as well as discounts in our wholesale stores and at many partner companies.
    • Good transport connections, free parking spaces, JobBike.
    • You will receive a contribution to your company pension.
    • Three daycare centers for children on campus, support of holiday camps for children of employees.

    Benefits

    Work-Life-Integration

    Food & Drink

    More net

    Job Locations

    • Location Dusseldorf

      Nordrhein-Westfalen

      Germany

    This is your employer

    METRO AG

    METRO is a leading international wholesaler of food and non-food products, catering to the needs of hotels, restaurants and caterers (HoReCa) as well as independent retailers.

    Description

  • Founding year
    1964
  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Trade

    Diversity
    Open for all genders