Job
- Level
- Senior
- Job Field
- IT, Security
- Employment Type
- Part Time/Full Time
- Contract Type
- Permanent employment
- Location
- Frankfurt
- Working Model
- Onsite
Job Summary
In this role, you will enhance the cyber hygiene governance framework, define controls, prepare audits, and support the implementation of regulatory requirements for a sustainable security culture.
Your role in the team
- The Senior Cyber Hygiene Governance Specialist holds overall subject-matter responsibility for the cyber hygiene governance framework, with a strong focus on audit and evidencing requirements.
- The role ensures that cyber hygiene controls (Govern/Identify/Protect) are clearly defined, consistently implemented, effectively monitored, and audit-ready.
- It acts as a central interface for internal and external audits as well as supervisory reviews in the context of cyber hygiene.
- Design, maintain and continuously improve the cyber hygiene governance framework (policies, standards, SLAs, RACI, exception and risk acceptance processes).
- Ensure that cyber hygiene requirements are clear, consistent and operationally implementable (especially for vulnerability, patch and baseline configuration management).
- Translate regulatory and 2nd Line of Defense requirements (e.g., DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks) into concrete cyber hygiene controls and control objectives.
- Regularly assess the effectiveness of implemented controls, identify control gaps and drive remediation measures.
- Act as the central point of contact for Internal Audit, external auditors, and supervisory authorities on cyber hygiene topics.
- Plan, coordinate and support audits and reviews (including preparing stakeholders, providing evidence, creating overviews and mappings of controls).
- Ensure audit-proof documentation of controls, roles, processes, decisions, exceptions, and risk acceptance cases.
- Support the definition, evaluation, and follow-up of audit findings, management actions, and remediation plans until closure.
- Define, evolve and maintain KPIs, KRIs, scorecards and reporting models for cyber hygiene, including an audit and compliance perspective.
- Prepare executive-ready reports for CISO, Risk Management, Compliance, Internal Audit and steering committees.
- Ensure that structural insights from Security Problem Management (root causes, trend analyses, recurring weaknesses) are reflected in governance artefacts and control requirements.
- Support prioritization of issues with high relevance for audits and regulatory compliance.
- Advise business and IT stakeholders and senior management on cyber hygiene governance, controls and audit expectations.
- Develop and deliver guidelines, training and FAQs on governance and audit requirements related to cyber hygiene.
- Coach Junior and Regular Governance Specialists, especially on audit-ready documentation and interaction with auditors.
Our expectations of you
Qualifications
- Deep knowledge of relevant security frameworks and regulatory requirements (e.g., ISO 27001/2, DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks).
- Strong understanding of cyber hygiene controls (vulnerability, patch and configuration management) and of how to evidence them to auditors and regulators.
- Strong strategic, conceptual and systemic thinking with a focus on traceability, auditability and sustainability of solutions.
- Excellent communication, facilitation and stakeholder management skills - especially in dealing with Audit, supervisory bodies, CISO, Risk Management and IT.
- High resilience and professionalism in critical audit and escalation situations.
- Excellent English skills (written and spoken); German is a strong plus.
- Relevant certifications are an advantage (e.g., ISO 27001 Lead Implementer/Lead Auditor, CISM, CRISC, CISA).
Experience
- Several years of experience in cyber security governance, IT risk management, internal/external audit or comparable roles in regulated industries (ideally financial services / critical infrastructure).
- Experience in control design and assessment (design & operating effectiveness) and in deriving remediation measures from audit findings.
- Experience with defining and using KPIs/KRIs for governance and audit-related reporting.
What we offer
- 30 days of vacation.
- Flexible work.
- Employee conditions.
- Professional training & development.
- Capital-forming benefits.
- Friendly work environment.
- Various tasks.
- Work-life balance.
Benefits
- Work-life integration
- More net pay
- Health, fitness & fun
This is your employer
Commerzbank AG
Commerzbank is an internationally-operating commercial bank with locations in nearly 50 countries and 49,000 employees. It offers a comprehensive range of financial services to private, business, and corporate customers. Commerzbank is a reliable and trusted source for all your banking needs.
Description
- Company Size
- 250+ Employees
- Company Type
- Established Company
- Working Model
- Full Remote, Hybrid, Onsite
- Industry
- Banking, Finance, Insurance
Dev Reviews
by devworkplaces.com
- Total: 3.6 (1 review)
- Working conditions: 4.4
- Engineering: 3.2
- Career growth: 3.6
- Culture: 3.5