Information Security Assessor

About the Opportunity

**Job Type**: Permanent

Application Deadline: 31 July 2025

Title Information Security Assessor

Department Information Security German Platform and Advisory

Location Kronberg Germany

Reports To Information Security Officer

Level Security Analyst - 5

We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So bring your boldest ideas to our Information Security Team and feel you’re making progress.

About your team:
In this role you will be part of a team looking after all aspects of FFB’s Information Security. The information security team safeguards information by seeing that security risks are identified, assessed, and accurately reported. Additionally, the function is charged with ensuring local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards.

The team collaborates with all 2nd line functions to provide guidance to and oversee activities in 1st line functions.

About your role:
You will work as an Information Security Auditor in the FFB Information Security Team. There is a strong regulatory requirement to build up and further develop the audit capabilities and capacity within the 2LoD Information Security function to help design and implement the audit framework, methodology and processes to perform audits within FFB and at service providers. Main aspects of your role are:

- Further develop the existing IS audit methodology and create audit plans
- Plan IS audit reviews and prepare audit reports with recommendations for improvement
- Conduct IT security audits at service providers to assess the organization’s information security status
- Review compliance with IT security policies and regulatory requirements
- Support the implementation of security controls and risk mitigation measures
- Work with the wider security team to manage exceptions to the controls, preparing any required documentation, advising management of decisions and tracking any agreed rectification plans through to completion
- Preparation of regular senior management reporting and metrics.
- Follow related legislation and regulation and to liaise with other functions including Technology to manage any resultant gaps or inconsistences

You will report to the Information Security Officer directly.

About you:
Eager to grow your knowledge and your career, you’ll fit right in. You’ll succeed because you have:

- Experience in Information Security in an organisation, preferably Financial Services.
- Several years of experience in IT auditing, IT security auditing, or IT risk management
- Hands-on experience in conducting audits, risk assessments, and security evaluations
- Experience working with internal and external auditors as well as regulatory authorities
- Understanding of German data protection, privacy and practices is desired
- Familiar with relevant information security standards such as ISO 27001, NIST, COBIT
- Preferred certifications: CISA, CISSP, CRISC, ISO 27001 Lead Auditor
- Ability to plan, organise, co-ordinate and work well under pressure without supervision
- An eye for detail with ability to produce accurate, well-structured reports according to deadlines
- Innovative and team worker
- Excellent desktop skills, especially office 365, including Word and Excel.
- Fluent in English and German, spoken and written; other languages advantageous.

Feel rewarded: