Logo Commerzbank AG

Senior Cyber Hygiene Governance Engineer

Commerzbank AG

Job

  • Level
    Senior
  • Job Feld
    IT, Security
  • Anstellung
    Teilzeit / Vollzeit
  • Vertragsart
    Unbefristetes Dienstverhältnis
  • Ort
    Frankfurt am Main
  • Arbeitsmodell
    Onsite

    • Job Zusammenfassung

    In dieser Position entwickelst du das Cyber Hygiene Governance Framework weiter, definierst Kontrollen, bereitest Audits vor und unterstützt bei der Umsetzung von regulatorischen Anforderungen für eine nachhaltige Sicherheitskultur.

    Deine Rolle im Team

    • The Senior Cyber Hygiene Governance holds overall subject-matter responsibility for the cyber hygiene governance framework with a strong focus on audit and evidencing requirements.
    • The role ensures that cyber hygiene controls (Govern/Identify/Protect) are clearly defined, consistently implemented, effectively monitored and audit-ready.
    • It acts as a central interface for internal and external audits as well as supervisory reviews in the context of cyber hygiene.
    • Design, maintain and continuously improve the cyber hygiene governance framework (policies, standards, SLAs, RACI, exception and risk acceptance processes).
    • Ensure that cyber hygiene requirements are clear, consistent and operationally implementable (especially for vulnerability, patch and baseline configuration management).
    • Translate regulatory and 2nd Line of Defense requirements (e.g. DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks) into concrete cyber hygiene controls and control objectives.
    • Regularly assess the effectiveness of implemented controls, identify control gaps and drive remediation measures.
    • Act as central point of contact for Internal Audit, external auditors and supervisory authorities on cyber hygiene topics.
    • Plan, coordinate and support audits and reviews (incl. preparing stakeholders, providing evidence, creating overviews and mappings of controls).
    • Ensure audit-proof documentation of controls, roles, processes, decisions, exceptions and risk acceptance cases.
    • Support definition, evaluation and follow-up of audit findings, management actions and remediation plans until closure.
    • Define, evolve and maintain KPIs, KRIs, scorecards and reporting models for cyber hygiene, including an audit and compliance perspective.
    • Prepare executive-ready reports for CISO, Risk Management, Compliance, Internal Audit and steering committees.
    • Ensure that structural insights from Security Problem Management (root causes, trend analyses, recurring weaknesses) are reflected in governance artefacts and control requirements.
    • Support prioritisation of issues with high relevance for audits and regulatory compliance.
    • Advise business and IT stakeholders and senior management on cyber hygiene governance, controls and audit expectations.
    • Develop and deliver guidelines, training and FAQs on governance and audit requirements related to cyber hygiene.
    • Coach Junior and Regular Governance Specialists, especially on audit-ready documentation and interaction with auditors.

    Unsere Erwartungen an dich

    Qualifikationen

    • Deep knowledge of relevant security frameworks and regulatory requirements (e.g. ISO 27001/2, DORA, BAIT, MaRisk, NIS 2, PCI-DSS, SOC2-like frameworks).
    • Strong understanding of cyber hygiene controls (vulnerability, patch and configuration management) and how to evidence them to auditors and regulators.
    • Strong strategic, conceptual and systemic thinking with a focus on traceability, auditability and sustainability of solutions.
    • Excellent communication, facilitation and stakeholder management skills - especially in dealing with Audit, supervisory bodies, CISO, Risk Management and IT.
    • High resilience and professionalism in critical audit and escalation situations.
    • Excellent English skills (written and spoken); German is a strong plus.
    • Relevant certifications are an advantage (e.g. ISO 27001 Lead Implementer/Lead Auditor, CISM, CRISC, CISA).

    Erfahrung

    • Several years of experience in cyber security governance, IT risk management, internal/external audit or comparable roles in regulated industries (ideally financial services / critical infrastructure).
    • Experience in control design and assessment (design & operating effectiveness) and in deriving remediation measures from audit findings.
    • Experience with defining and using KPIs/KRIs for governance and audit-related reporting.

    Unser Angebot

    • 30 days of vacation.
    • Flexible work.
    • Employee conditions.
    • Professional training & development.
    • Capital-forming benefits.
    • Friendly work environment.
    • Diverse tasks.
    • Work-life balance.

    Benefits

    Work-Life-Integration

    Mehr Netto

    Gesundheit, Fitness & Fun

    Themen mit denen du dich im Job beschäftigst

    Job Standorte

    • Standort Frankfurt am Main

      Hessen

      Deutschland

    Das ist dein Arbeitgeber

    Commerzbank AG

    Commerzbank AG

    Die Commerzbank ist eine international agierende Geschäftsbank mit rund 49.000 Mitarbeitern und Standorten in nahezu 50 Ländern. Sie ist in den beiden Geschäftsbereichen Privat- und Unternehmerkunden sowie Firmenkunden tätig und bietet ihren Kunden ein umfassendes Portfolio an Finanzdienstleistungen an.

    Description

  • Unternehmensgröße
    250+ Employees
  • Unternehmenstyp
    Etablierte Firma
  • Arbeitsmodell
    Full Remote, Hybrid, Onsite
  • Branche
    Banken, Finanz, Versicherung

    • Dev Reviews

    by devworkplaces.com

    Gesamt

    (1 Bewertung)
    3.6

    • Workingconditions

      4.4

    • Engineering

      3.2

    • Career Growth

      3.6

    • Culture

      3.5
    Alle Dev Reviews anzeigen
    Logo Commerzbank AG

    Senior Cyber Hygiene Governance Engineer

    Commerzbank AG
    Ort
    Frankfurt am Main
    Arbeitsmodell
    Onsite
    Diversität
    Für alle Personen geeignet (m/w/d)

    Weitere Jobs