IT Internal Auditor (Cybersecurity)

TL;DR

IT Internal Auditor (Cybersecurity): Conducting reviews of IT systems and business processes to ensure compliance with group policies and international standards with an accent on risk management, control, and governance. Focus on developing IT audit programs, identifying risk discrepancies, and preparing formal reports for the Audit Committee.

Location: Porto, Portugal

Company

Leading European capital market covering the entire value chain from listing and trading to clearing and settlement.

What you will do

• Deliver the internal audit plan for the IT scope and review systems for compliance with policies and laws.
• Develop and execute risk-based IT audit programs and testing procedures.
• Identify discrepancies and provide recommendations for risk reduction and process improvement.
• Prepare formal audit reports for management and the Audit Committee.
• Support annual risk assessments and follow up on implemented recommendations.
• Ensure audit activities are documented according to organizational methodologies.

Requirements

• Master's degree in Computer Science, Cybersecurity, Information Technology or related field.
• At least 3 years of relevant experience in IT or information security.
• Strong understanding of IT systems (networks, databases, OS) and application controls.
• Knowledge of COBIT, NIST, ITIL, and ISO 27001 & 27002.
• Fluent English (spoken and written).
• Must be based in Porto, Portugal.

Nice to have

• Previous experience with a Big Four firm.
• CISA, CISSP or related professional certifications.
• Deep understanding of cybersecurity frameworks.

Culture & Benefits

• Collaborative and dynamic team environment.
• Support for professional development through relevant certifications and training.
• Sponsorship for auditors to acquire the skills and tools needed to grow and succeed.