Audit & Risk Expert (f/m/d): Delos Cloud

About Delos Cloud
Delos Cloud, a start-up founded by SAP, strives to deliver a sovereign cloud platform for the digitaltransformation of the German public sector. The platform is an essential component for the implementation ofthe German Administrative Cloud Strategy (DVS) in compliance with all relevant data protection, IT security,and secrecy requirements of the BSI. Delos Cloud is a trusted partner of the federal, state, and local IT serviceproviders and complements their service portfolio. Therefore, you will find exciting and varied tasks in aninnovative and meaningful environment. For more information, please visit: www.deloscloud.de

Your Future Role & Responsibilities: 

• Monitor and audit the organization's compliance level towards legal requirements, guidelines / policies or industrial standards based on the internal Multi-Compliance Framework. 
• Planning, organization, and performance of internal audits as financial, operational, process or system audits. 
• Develop and manage the internal and external audit program and plan. 
• Conduct risk assessments and business impact analyses to identify vulnerabilities and develop strategies for risk mitigation. 
• Identify and assess potential risks across various areas of the organization, including operational, financial, strategic, and compliance risks. 
• Evaluation of risks and related internal controls, and subsidiary audits incl. subcontractors and partners. 
• Assess the effectiveness of the internal control systems, covering the integrated Management System landscape, which include policies, procedures, to prevent fraud, errors, and mismanagement.  
• Monitor and evaluate the effectiveness of risk mitigation measures and adjust strategies as necessary 
• Identify areas of vulnerability, such as fraud risks or operational inefficiencies, and recommend measures to mitigate those risks. 
• Prepare detailed audit reports, document findings, and make recommendations to management for improving processes, controls, and risk management. 
• Track the implementation of audit recommendations and assess their effectiveness. 
• Stay updated on industry best practices, emerging risks, and regulatory changes to enhance the effectiveness of internal audits. 
• Establish IT security audit procedures relevant to Information Security Standards and other regulations, e.g., data privacy laws. 
• Collaborate with representatives of federal administration, business partners and SAP internal units to enforce existing/ new compliance requirements, policy exceptions and to drive internal and external audit processes. 
• Develop program performance indicators and metrics pertaining to risk and compliance; report performance to leadership against established metrics 

Profile & Required Skills:

• Excellent understanding of compliance and auditing practices and methodology (e.g. ISAE 3000/ISAE 3402 (SOC 1/SOC, ISO22301, ISO 9001) 
• IT Security laws, management standards (BSI IT-Grundschutz, BSI Standards 200-1, 200-2, 200-3, and 200-4, C5, ISO 27001), regulations, strategies, processes, and services 
• In-depth knowledge of risk management principles, methodologies, and best practices. 
• Strong analytical and problem-solving skills, with the ability to assess and mitigate risks effectively. 
• Highly skilled in risk related activities 
• Certifications like CPA, CISA, CISM, CRM, or CRISC are an asset 
• Highly skilled in security, audit and compliance related activities. 
• Focus on Quality and Results 
• Excellent theoretical and practical knowledge of IT Processes as well as of the underlying Policies 
• Teamwork and collaboration 
• Fluent German and English language skills both written and oral 
• EU citizenship

Work experience:

• 10+ years professional experience in auditing (IT Audit and Governance, Risk, Compliance)  
• Experience in security operations and coordination of contracted 3rd party resources

#DelosCloud