At Giesecke+Devrient, a global leader in SmartCards and Secure Payment Elements, we are seeking a Internal Auditor to lead and enhance our 3rd Line audit program across IT operations, cybersecurity, physical security, and emerging technologies such as AI. This role involves designing and executing risk-based audits, ensuring compliance with ISO 27001 and OWASP SAMM, and collaborating with 2nd Line stakeholders to understand risk and control frameworks, while maintaining strict independence in assessment and reporting
Key Responsibilities:
* Develop and execute a risk-based audit plan covering IT, cybersecurity, and physical security.
* Lead end-to-end audit engagements, including scoping, fieldwork, reporting, and follow-up.
* Assess control effectiveness in areas such as network infrastructure, IAM, system hardening, and secure development.
* Conduct reviews of cybersecurity incident response, AI governance, and emerging technology risks.
* Evaluate physical security controls and vendor compliance.
* Perform compliance audits against standards like ISO 27001, PCI, GSMA, and OWASP SAMM.
Your Profile:
* Bachelor’s or Master’s in Information Security, Computer Science, or related field.
* 5–7 years of experience in IT audit or risk roles.
* CISA, CIA, or equivalent certification.
* Strong knowledge of ISO 27001, OWASP SAMM, and cybersecurity frameworks.
* Ability to write and present audit findings in a clear, business-savvy manner.
* Proficiency in English is essential; additional language skills such as German or Spanish are a strong advantage.
* Excellent analytical, communication, and stakeholder engagement skills.
* Enjoys working in diverse, multicultural teams and collaborating across global functions.
What we offer
* CULTURE: Join a professional, dynamic environment where collaboration, teamwork, and innovation are valued.
* PHILOSOPHY: Be part of a team where your ideas and contributions have real impact.
* SCHEDULE: Mon–Thu 8:30–17:30h, Fri 8:30–15:30h (1h flexible start time). Hybrid work options available.
* CONTRACT & BENEFITS: Permanent contract, annual training plan, summer intensive schedule, company parking, flexible compensation (transport, childcare, training, health insurance).
* CANTEEN: Onsite cafeteria with breakfast and lunch at subsidized prices.
* LOCATION: El Prat de Llobregat, Mercabarna exit. Accessible via Bus 88/110 from Barcelona or PR4 from El Prat.