Information Security Assurance Expert (all genders)
Job Description
Purpose of the Role
To plan, execute, and support independent information security assurance activities across METRO AG and its operating entities. The role provides structured, judgment-driven assessment of the effectiveness, maturity, and alignment of security controls against internal policies, regulatory requirements, and recognized frameworks, enabling informed risk decisions and continuous improvement of the organization’s security posture.
Key Responsibilities
- Plan and perform information security assurance reviews, including control design and effectiveness assessments, thematic reviews, and targeted evaluations across IT and OT environments.
- Assess the design adequacy and operational effectiveness of security controls based on frameworks such as ISO/IEC 27001, ISO/IEC 42001, the NIST Cybersecurity Framework and the NIST AI Risk Management Framework.
- Identify and document control gaps, non-conformities, and risk exposures with proportionate, actionable recommendations.
- Provide subject-matter support to internal and external audit functions as required.
- Collaborate with risk, compliance, and IT teams to track remediation of identified control gaps and ensure timely closure.
- Prepare clear, concise, and well-evidenced assurance reports and recommendations for senior stakeholders.
- Provide guidance to entities and departments in preparing for assurance assessments and building control maturity.
- Support the continuous improvement of the IS assurance program, including methodology, tooling, and automation.
Qualifications
- Master’s degree in Information Security, Computer Science, or a related field.
- Minimum 3 years of experience in cybersecurity assurance, control assessment, or information security governance.
- Professional certifications preferred (e.g. CISA, CRISC, ISO 27001 / 42001 Lead Auditor, ISO 27001 / 42001 Lead Implementer, CISSP).
- Solid understanding of cybersecurity controls, governance frameworks, and assurance and assessment methodologies.
- Familiarity with regulatory and compliance requirements (e.g. ISO/IEC 27001, NIS 2, GDPR, EU AI Act).
- Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders.
- Experience working in complex, multinational environments is a plus.
- Fluent English required; additional languages are a plus.
Additional Information
- Work-life balance: Flexible working hours in agreement with your line manager, 30 days of holidays.
- Training: A comprehensive training offer via our own training center or externally.
- Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services such as flu shots, and the OTHEB employee assistance program.
- Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
- Discounts: Discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
- Comfort: Good transport connections, free parking spaces, JobBike.
- Company pension plan: You will receive a contribution to your company pension.
- Family driven: Three daycare centers for children on campus, support for holiday camps for children of employees.
Food and non-food wholesale for the hospitality sector and bulk consumers