Les missions du poste
Mission
Conduct high value-added IT and cyber audit engagements, covering the governance, risks, controls and compliance of information systems (IS), to provide independent assurance to the Audit Committee and Management, and recommend pragmatic actions to improve security, resilience and operational efficiency.
Scope
*
IT governance & strategy (COBIT, ITIL, risk appetite, sourcing, third-party/TPRM).
*
Cybersecurity & Resilience (ISO 27001/2, NIST CSF, DORA/ICT Risk, BCM/DRP, IAM/PAM).
*
Opérations & production (ITSM, change/release, capacity/availability, backup/restore).
*
Développements & data (SDLC/DevSecOps, CI/CD, code repos, data quality, data lineage).
*
Infrastructure & Cloud (onprem, IaaS/PaaS/SaaS, Kubernetes/containers, hardening).
*
Networks & endpoints (segmentation, EDR, vulnerabilities, patch/ConfigMgmt).
*
Critical applications (core banking/insurance, payments, IFRS/solvency, CRM).
*
Regulatory compliance (DORA, GDPR, TPRM, EBA/ESMA guidelines, PCI DSS if applicable).
*
Cross-functional themes (AI/ML, RPA, API management, identity & access, TPRM/cloud).
Key Responsibilities
*
Prepare and conduct end-to-end audit missions: scoping, risk analyses, work programs, design & operating effectiveness tests.
*
Assess the maturity of controls, identify gaps and make concrete, prioritized recommendations (risk/impact/cost/effort), with owners and deadlines.
*
Manage several missions in parallel; provide functional supervision to auditors (test plan, file review, skills development).
*
Write clear and impactful reports (executive summary, ratings, heatmaps); present to sponsors, CIOs/CISOs and Audit Committees.
*
Follow action plans (remediation tracking), challenge post-remediation effectiveness.
*
Contribute to the risk-based audit plan (RBA): mapping, risk monitoring, DORA/GDPR coverage.
*
Animate audit data analytics (scripts, indicators) and develop methods (CAATs, continuous auditing/monitoring).
*
Maintain a watch (cyber, cloud, regulatory) and disseminate best practices.
Indicators of success (KPIs)
*
DORA/TPRM /GDPR Critical & Thematic Risk Coverage.
*
% Recommendations accepted and implemented on time.
*
Reduction of residual risk (before/after) or rate of recurring incidents.
*
Quality of files (internal/external reviews, QAR/IIA).
*
Stakeholder satisfaction (feedback scores).
*
Productivity (delivered missions vs. plan, timetoreport, use of data analytics).
Example of short-term assignments
*
DORA Review: ICT Governance, Major Incident Management & Registry, Resilience Testing.
*
Cloud audit (Azure/AWS): IAM, logging/monitoring, segmentation, encryption, backups.
*
DevSecOps audit on CI/CD chain and secrets management.
*
IAM/PAM Review: Roles, Recertifications, SoD, Privileged Access.
*
Cyber resilience & DRP: RTO/RPO, restore tests, TPRM dependencies.
*
Data audit: quality, lineage, access controls, GDPR compliance.
Le profil recherché
Education & Qualifications
*
Master's degree in Information Technology, Computer Science, Information Security, or related field.
*
Professional certifications strongly preferred: CISA, CISM, CISSP, CIA, or equivalent.
Experience
*
3-4 years of experience in IT audit, IT risk management, or cybersecurity, preferably in banking, financial services, or a regulated environment.
*
Demonstrated experience leading IT audit engagements from planning through reporting.
*
International or cross-cultural experience is an advantage.
Skills
*
Strong knowledge of IT general controls, information security, cybersecurity frameworks, IT infrastructure, databases, networks, and cloud environments.
*
Good understanding of ECB/EBA regulatory expectations, GDPR, and industry frameworks.
*
Proven ability to manage stakeholders and communicate effectively with both technical and non-technical audiences.
*
Fluent English (written and spoken) is required; French is an asset.
Mindset
*
Professional skepticism combined with solution-oriented thinking.
*
Strong leadership and mentoring capabilities.
*
Adaptability to work in a fast-changing, international environment.
What We Offer
*
A strategic role in the Group's Internal Audit function with exposure to senior management.
*
Professional development opportunities including advanced certifications and leadership training.
*
Participation in audits across diverse geographies and IT environments.
*
Hybrid working model, based in Paris.
Les avantages
- Aménagement des locaux
- Parking gratuit à proximité
- Proche transport en commun
- Locaux modernes
- Salle de sport
- Cafétéria
- Cantine
- CE
- Parking vélo
- 13ème mois
- Bonne mutuelle
- Intéressement ou participation
- RTT
- Télétravail
- Espaces calmes
Les étapes de recrutement
Les étapes de recrutement peuvent varier selon l'offre à laquelle vous postulez.
-
Un premier échange téléphonique de 15/20 min avec un membre de l'équipe Recrutement
-
Entretien par visio ou en présentiel avec un Responsable Ressources Humaines
-
Entretien avec votre futur manager (et pourquoi pas collègues)
-
Mobilize Financial Services en images
Publiée le 05/06/2026 - Réf : JOBREQ_50264221_1780647577
