Giesecke+Devrient

www.gi-de.com

1 Job

8,272 Employees

About the Company

Giesecke+Devrient (G+D) is a global SecurityTech company headquartered in Munich, Germany. G+D makes the lives of billions of people more secure. The company shapes trust in the digital age, with built-in security technology in three segments: Digital Security, Financial Platforms and Currency Technology.

G+D was founded in 1852 and today has a workforce of more than 14,000 employees. In the fiscal year 2023, the company generated a turnover of 3 billion euros. G+D is represented by 123 subsidiaries and joint ventures in 40 countries.

Listed Jobs

Company Name
Giesecke+Devrient
Job Title
Internal Audit Manager - IT & Security (
Job Description
**Job Title**

Internal Audit Manager – IT & Security

**Role Summary**

Lead and expand the 3rd line audit function for IT operations, cybersecurity, physical security, and emerging technologies (AI). Design risk‑based audit plans, execute engagements, assess control effectiveness, and deliver independent findings to senior stakeholders. Maintain independence, quality, and compliance with ISO 27001, PCI, GSMA, and OWASP SAMM standards.

**Expectations**

- Deliver end‑to‑end audit engagements with clear scope, fieldwork, reporting, and remedial follow‑up.
- Ensure audit results are actionable, business‑aware, and communicated to management and the audit committee.
- Maintain regulatory and industry alignment, updating audit scope as technology and risk landscapes evolve.
- Support continuous improvement of the internal audit methodology and audit evidence repository.
- Travel and work across time zones as required.

**Key Responsibilities**

1. Develop and implement a risk‑based audit plan covering IT, cybersecurity, network infrastructure, IAM, system hardening, secure development, incident response, AI governance, physical security, and vendor compliance.
2. Lead audit engagements from scoping, through fieldwork, to reporting and remediation tracking.
3. Evaluate control effectiveness and identify gaps in the organization’s cybersecurity and physical security posture.
4. Conduct compliance audits against ISO 27001, PCI, GSMA, and OWASP SAMM, documenting findings, recommendations, and corrective actions.
5. Collaborate with 2nd line controls owners to understand risks, control frameworks, and to develop intuitive audit recommendations.
6. Prepare clear, concise audit reports and executive summaries; present findings to senior management and audit committee.
7. Monitor and verify implementation of remediation actions, ensuring control activities are restored and risks mitigated.

**Required Skills**

- Proven experience (5–7 years) in IT audit, cyber risk, or related risk management roles.
- In‑depth knowledge of ISO 27001, OWASP SAMM, PCI DSS, GSMA, and other relevant cyber frameworks.
- Strong analytical, investigative, and documentation skills with ability to simplify complex technical concepts for business audiences.
- Excellent written and verbal communication, stakeholder engagement, and presentation skills.
- Ability to manage multiple audits simultaneously and meet demanding deadlines.
- Proficiency in English; German or Spanish a plus.
- Comfortable working in a multicultural, fast‑paced environment with frequent travel and cross‑time‑zone collaboration.

**Required Education & Certifications**

- Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
- Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) (or equivalent).
- Additional certifications in cybersecurity or risk management are advantageous.
Markham, Canada
Hybrid
Mid level
06-11-2025