Information Security Assurance Expert (all genders)
We are wholesale. We are Cyber Security. We are where people and opportunity meet.
At METRO, we’re more than a global food wholesaler. We are #OneMETRO: a diverse team of over 84,000 colleagues across 34 countries, united by one mission: enabling our 15 million customers to create meaningful moments in hospitality and independent trade.
We shape the M with passion, commitment, and growth mindset. This means taking on responsibility, making our company your company and creating a business together that remains true to its roots but always seeks new solutions.
Job Description
Purpose of the Role
To plan, execute, and support independent information security assurance activities across METRO AG and its operating entities. The role provides structured, judgment-driven assessment of the effectiveness, maturity, and alignment of security controls against internal policies, regulatory requirements, and recognized frameworks - enabling informed risk decisions and continuous improvement of the organization’s security posture.
Key Responsibilities
- Plan and perform information security assurance reviews, including control design and effectiveness assessments, thematic reviews, and targeted evaluations across IT and OT environments.
- Assess the design adequacy and operational effectiveness of security controls based on frameworks such as ISO/IEC 27001, ISO/IEC 42001, the NIST Cybersecurity Framework and the NIST AI Risk Management Framework.
- Identify and document control gaps, non-conformities, and risk exposures with proportionate, actionable recommendations.
- Provide subject-matter support to internal and external audit functions as required.
- Collaborate with risk, compliance, and IT teams to track remediation of identified control gaps and ensure timely closure.
- Prepare clear, concise, and well-evidenced assurance reports and recommendations for senior stakeholders.
- Provide guidance to entities and departments in preparing for assurance assessments and building control maturity.
- Support the continuous improvement of the IS assurance program, including methodology, tooling, and automation.
Qualifications
- Master’s degree in Information Security, Computer Science, or a related field.
- Minimum 3 years of experience in cybersecurity assurance, control assessment, or information security governance.
- Professional certifications preferred (e.g. CISA, CRISC, ISO 27001 / 42001 Lead Auditor, ISO 27001 / 42001 Lead Implementer, CISSP).
- Solid understanding of cybersecurity controls, governance frameworks, and assurance and assessment methodologies.
- Familiarity with regulatory and compliance requirements (e.g. ISO/IEC 27001, NIS 2, GDPR, EU AI Act).
- Strong communication and reporting skills, with the ability to explain technical issues to non-technical stakeholders.
- Experience working in complex, multinational environments is a plus.
- Fluent English required; additional languages are a plus.
Additional Information
- Work-life balance: Flexible working hours in agreement with your line manager, 30 days of holidays.
- Training: A comprehensive training offer via our own training center or externally.
- Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program.
- Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
- Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
- Comfort: Good transport connections, free parking spaces, JobBike.
- Company pension plan: You will receive a contribution to your company pension.
- Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.
Empfohlene Jobs
Account Manager - Telecommunications
Ready to build lasting client relationships and drive business growth? Join a global telecommunications provider recognised for delivering mobile, connectivity, and digital solutions to enterpris…
Oberarzt Psychosomatik | Reha (m/w/d)
Im Auftrag unseres Mandanten, einer etablierten Rehabilitationsklinik im Raum Leipzig mit rund 220 Betten, suchen wir im Rahmen der Personalberatung eine qualifizierte Fachkraft für die anspruchsvoll…
Customer Service Mitarbeiter (w/m/d)
Customer Service Mitarbeiter (w/m/d) gesucht - Wir suchen für unseren Kunden, ein Unternehmen aus der Chemiebranche mit Sitz in Düsseldorf, zum nächstmöglichen Zeitpunkt einen Customer Service Mi…
Ausbildung Kaufleute im Einzelhandel
Warte nicht weiter darauf, dass Mutti dich anzieht: Die Ausbildung im Einzelhandel ist spannend und vielseitig. Während Deiner Ausbildung lernst Du in der Filiale und im Berufsschulunterricht alles r…
Ferienjob als Promoter (m/w/d) bis zu 4.500€ im Monat (Düsseldorf)
Zwischen Schule, Studium oder Auszeit? Mach etwas, das zählt. Ob du gerade deinen Abschluss gemacht hast, ein Urlaubssemester planst oder einfach etwas Sinnvolles tun willst, dieser Job bietet dir…
Lohnbuchhalter (m/w/d) HPJB1_DE
Stellenbeschreibung Die Aufgabe als Lohnbuchhalter (Deutschland) besteht darin, die Gehälter der Berater und Mitarbeiter für die deutsche Niederlassung von Oxford in Europa korrekt und pünktlich zu ve…
Senior Account Executive - Energy & Utilities (w/m/x)
IBM iX – Experience the Human Factor. Als Senior Account Executive – Energy & Utilities (w/m/x) verantwortest du die strategische und operative Geschäftsentwicklung in dieser Industrie. Du identif…