Security Auditor (m/f/d) Region: Cologne or Kunzelsau(remote working partly possible) Department: IT Security The BERNERGroup is a European trading company for professionals in themobility, construction and industry sectors. We are the leading B2Bspecialist and an innovative manufacturer of chemical products. Ourpurpose is: We are pushing the limits of the possible for theshapers of a better tomorrow. This means that our strong brandsBERNER, BTI by BERNER and CCS help our customers to keep theirbusiness successful and running. Aufgaben Conducting audits ofsecurity controls, risk management processes and compliance withinIT environments, ensuring adherence to relevant frameworks andregulatory standards Collaborating with internal teams toevaluate security practices and identify gaps or weaknesses incontrols Advising on remediation actions to address auditfindings and improve the security posture Providing support inpreparing for audits from external parties or regulatory bodies,ensuring compliance documentation is complete and accurate Performing risk assessments and assisting in the development ofrisk mitigation strategies Ensuring continuous improvement ofinternal audit processes and security compliance practices Communicating audit findings clearly to stakeholders, includingsenior management, and providing recommendations for risk reductionand improved governance Monitoring and reporting on theeffectiveness of security policies and controls, helping to driveadherence to industry best practices Profil Degree in ITSecurity, Information Systems, Business Administration or a similarfield Strong knowledge of security frameworks and standards, suchas NIS2, ISO 27001, NIST, SOC 2 and other relevant regulations andindustry best practices Extensive experience in conducting ITsecurity audits, vulnerability assessments and compliance reviews Ability to assess and audit security controls, risk managementprocesses and policies, identifying areas for improvement andensuring compliance with regulatory requirements Technicalexpertise to audit and assess complex technical systems, not justprocesses, ensuring a thorough understanding of both the technicaland operational aspects of the systems being reviewed Fluency inEnglish (both written and spoken) Strong analytical skills withthe ability to evaluate complex security data and developactionable insights Excellent stakeholder management skills, withthe ability to work effectively with internal and externalstakeholders at all levels, driving necessary changes in processesand systems Strong interpersonal skills to guide and influencechange management initiatives within the organization AdditionallyDesired Qualifications: Broad experience across various domainsof security Proven experience in auditing and governance, riskand compliance (GRC), preferably with a background in a Big Fourauditing firm or a similar organization German language skillshelpful but not required Wir bie