Information Security Assurance Expert (all genders)

Posted about 2 hours ago

Remote | Düsseldorf, NRW, Germany | SE

Job Description

Purpose of the Role 

To plan, execute, and support independent information security assurance activities across METRO AG and its operating entities. The role provides structured, judgment-driven assessment of the effectiveness, maturity, and alignment of security controls against internal policies, regulatory requirements, and recognized frameworks - enabling informed risk decisions and continuous improvement of the organization’s security posture. 

Key Responsibilities 

  • Plan and perform information security assurance reviews, including control design and effectiveness assessments, thematic reviews, and targeted evaluations across IT and OT environments. 
  • Assess the design adequacy and operational effectiveness of security controls based on frameworks such as ISO/IEC 27001, ISO/IEC 42001, the NIST Cybersecurity Framework and the NIST AI Risk Management Framework. 
  • Identify and document control gaps, non-conformities, and risk exposures with proportionate, actionable recommendations. 
  • Provide subject-matter support to internal and external audit functions as required. 
  • Collaborate with risk, compliance, and IT teams to track remediation of identified control gaps and ensure timely closure. 
  • Prepare clear, concise, and well-evidenced assurance reports and recommendations for senior stakeholders. 
  • Provide guidance to entities and departments in preparing for assurance assessments and building control maturity. 
  • Support the continuous improvement of the IS assurance program, including methodology, tooling, and automation. 

Qualifications

  • Master’s degree in Information Security, Computer Science, or a related field. 
  • Minimum 3 years of experience in cybersecurity assurance, control assessment, or information security governance. 
  • Professional certifications preferred (e.g. CISA, CRISC, ISO 27001 / 42001 Lead Auditor, ISO 27001 / 42001 Lead Implementer, CISSP). 
  • Solid understanding of cybersecurity controls, governance frameworks, and assurance and assessment methodologies. 
  • Familiarity with regulatory and compliance requirements (e.g. ISO/IEC 27001, NIS 2, GDPR, EU AI Act). 
  • Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders. 
  • Experience working in complex, multinational environments is a plus. 
  • Fluent English required; additional languages are a plus. 

Additional Information

  • Work-life balance: Flexible working hours in agreement with your line manager, 30 days of holidays. 
  • Training: A comprehensive training offer via our own training center or externally.
  • Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program. 
  • Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
  • Discounts: Discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
  • Comfort: Good transport connections, free parking spaces, JobBike. 
  • Company pension plan: You will receive a contribution to your company pension. 
  • Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.

Job details

Workplace: Remote
Location: Düsseldorf, NRW, Germany
Experience: SE

Food and non-food wholesale for the hospitality sector and bulk consumers

Key team members

Michael H. Brandauer
