Description

• Operate and evidence change controls including documented requirements, approvals, peer reviews, migration logs, and deployment segregation
• Coordinate with application, infrastructure, and security teams to improve evidence quality and close exceptions within service level targets
• Integrate information security risk management activities into project and change lifecycles and document risk treatment decisions
• Operate and evidence IT operations controls including backup and restore testing, batch and job monitoring, incident and problem management, configuration baselines, and alerting
• Map change and operations controls to ISO 27001 controls and maintain artifacts required for ISMS management reviews
• Track and report key indicators such as unauthorized change rate, restore success, and incident remediation performance
• Review third party reports and supplier control statements for change, configuration, and network operations that impact financial reporting
• Ensure operational logging and backups handle sensitive data according to the data classification framework and privacy requirements
• Implement requirements from relevant regulations including NIS2 in change and operations control activities
• Provide training and guidance on SOX compliance and IT controls to IT teams

• Bachelor’s degree in Information Systems, Computer Science, or a related field
• Two to four years of experience in IT audit or IT controls with familiarity in SDLC workflows, CI/CD pipelines, and configuration management
• Strong understanding of PCAOB expectations for change and operations controls
• Working knowledge of ISO 27001 and ISMS practices including Statement of Applicability mapping and management review inputs
• Ability to validate the completeness and accuracy of operational data and reports used in controls testing
• Experience with incident, problem, and change processes and related ticketing tools
• Exposure to vendor security documentation such as SOC reports and coordination with Legal and Privacy
• Proven ability to work in complex, cross-functional environments

• Strong analytical and problem-solving skills
• Excellent communication and stakeholder management abilities
• Ability to translate regulatory and technical requirements into practical processes
• Structured, detail-oriented, and proactive working style
• A valid work permit for Austria is a prerequisite for this position (Non-EU citizens: please attach the work permit to the application)