Your mission

- Lead and develop a small internal audit team with a focus on excellence and continuous improvement.
- Design and execute the annual audit plan, prioritizing areas of regulatory and operational significance.
- Act as the central point of contact for all internal and external audit stakeholders.

Audit Execution & Oversight:

- Plan and conduct risk-based audits with an emphasis on IT systems, information security, and crypto-related processes.
- Review compliance with regulatory frameworks such as MiCAR, DORA, BAIT, MaRisk, and the KWG.
- Perform audits covering information security, application development, IT operations, IT governance, data management, and outsourcing.

Reporting & Communication:

- Prepare detailed audit reports with actionable recommendations.
- Present findings to executive management and relevant governance committees.
- Support reporting requirements for quarterly and annual audit activities.

Advisory & Risk Mitigation:

- Provide advisory services to business units on regulatory requirements, IT controls, and industry best practices.
- Support the ongoing enhancement of the internal control system (ICS), particularly in the area of cybersecurity.
- Monitor implementation of remediation measures and follow up on audit findings.

External Collaboration:

- Coordinate and liaise with external auditors and supervisory authorities.
- Manage external service providers involved in audit projects.

What you need to be successful:

- University degree in Computer Science, Information Systems, or a related field.
- At least 5 years of experience in auditing financial institutions, preferably with a focus on IT or crypto services.
- Proven knowledge of relevant regulatory frameworks: MiCAR, DORA, BAIT, MaRisk, KWG.
- Solid understanding of blockchain technology and crypto asset services.
- Experience leading small teams and managing cross-functional audits.
- Familiarity with audit standards such as ISO/IEC 27001, BSI IT-Grundschutz, NIST, or COBIT.
- Strong analytical and problem-solving skills.
- Clear and structured communication style with the ability to explain complex technical topics to non-specialists.
- High level of initiative and ability to deliver under pressure.
- Professional demeanor and strong stakeholder management capabilities.
- Certifications (Preferred): CIA (Certified Internal Auditor), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or equivalent professional designations.
- Willingness to stay current in a rapidly evolving regulatory and technological environment.
- Fluent in English; German is a plus.

What’s in it for you:

- A high-impact role with direct influence on the security, compliance, and resilience of a regulated crypto custodian.
- Attractive compensation package.
- Flexible working hours and hybrid working with not more than 3 days in the office.
- Access to extensive training and development programs.
- A dynamic and innovative environment within a fast-growing industry.

About us

Finoa is a regulated crypto asset platform for institutional investors co-founded in 2018 by Christopher May and Henrik Gebbing. The company came to life through the shared aspiration to make institutional interactions with crypto assets simple and secure, and is backed by prominent investors, including Balderton Capital, Coparion, Maven11, Signature Ventures, and Venture Stars.

Finoa has since then grown into a truly international company, powered by a diverse team and serving high-profile clients from around the world. Reference clients include renowned venture capital firms, crypto hedge funds, corporates, Web3 companies, and high-net-worth individuals.

If you want to join one of Europe’s most exciting crypto start-ups, be part of the next wave of innovation disrupting finance, and grow together with us, then this is your chance to apply.

Finoa is an equal opportunity employer devoted to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, or disability status.