Description
ABOUT FINANCIAL MOBILIZE SERVICES
As a partner caring for all its customers, Mobilize Financial Services builds innovative financial services to create sustainable mobility for all. A subsidiary of the Renault Group whose activity started almost 100 years ago, Mobilize Financial Services is the commercial brand of RCI Banque SA, a French bank specializing in automotive financing and services for customers and dealers. With operations in 35 countries and more than 4,100 employees, the group financed over 1.2 million contracts (new and used vehicles) in 2024 and sold 3.7 million services. At the end of 2024, net assets stood at €44.7 billion in financing and pre-tax income at 1,194 million euros.
Since 2012, the group has rolled out a deposit collection business in several countries. At the end of December 2024, net deposits collected totaled €30.5 billion.
Mission
Conduct high value-added IT and cyber audit engagements, covering the governance, risks, controls and compliance of information systems (IS), to provide independent assurance to the Audit Committee and Management, and recommend pragmatic actions to improve security, resilience and operational efficiency.
Scope
* IT governance & strategy (COBIT, ITIL, risk appetite, sourcing, third-party/TPRM).
* Cybersecurity & resilience (ISO 27001/2, NIST CSF, DORA/ICT Risk, BCM/DRP, IAM/PAM).
* Operations & production (ITSM, change/release, capacity/availability, backup/restore).
* Development & data (SDLC/DevSecOps, CI/CD, code repos, data quality, data lineage).
* Infrastructure & cloud (on-prem, IaaS/PaaS/SaaS, Kubernetes/containers, hardening).
* Networks & endpoints (segmentation, EDR, vulnerabilities, patch/ConfigMgmt).
* Critical applications (core banking/insurance, payments, IFRS/solvency, CRM).
* Regulatory compliance (DORA, GDPR, TPRM, EBA/ESMA guidelines, PCI DSS if applicable).
* Cross-functional themes (AI/ML, RPA, API management, identity & access, TPRM/cloud).
Key Responsibilities
* Prepare and conduct end-to-end audit missions: scoping, risk analyses, work programs, design & operating effectiveness tests.
* Assess the maturity of controls, identify gaps and make concrete, prioritized recommendations (risk/impact/cost/effort), with owners and deadlines.
* Manage several missions in parallel; provide functional supervision to auditors (test plan, file review, skills development).
* Write clear and impactful reports (executive summary, ratings, heatmaps); present to sponsors, CIOs/CISOs and Audit Committees.
* Follow up on action plans (remediation tracking) and challenge post-remediation effectiveness.
* Contribute to the risk-based audit plan (RBA): mapping, risk monitoring, DORA/GDPR coverage.
* Lead audit data analytics (scripts, indicators) and develop methods (CAATs, continuous auditing/monitoring).
* Maintain a watch (cyber, cloud, regulatory) and disseminate best practices.
Indicators of success (KPIs)
* DORA/TPRM/GDPR critical & thematic risk coverage.
* % of recommendations accepted and implemented on time.
* Reduction of residual risk (before/after) or rate of recurring incidents.
* Quality of files (internal/external reviews, QAR/IIA).
* Stakeholder satisfaction (feedback scores).
* Productivity (delivered missions vs. plan, time-to-report, use of data analytics).
Examples of short-term assignments
* DORA Review: ICT Governance, Major Incident Management & Registry, Resilience Testing.
* Cloud audit (Azure/AWS): IAM, logging/monitoring, segmentation, encryption, backups.
* DevSecOps audit on CI/CD chain and secrets management.
* IAM/PAM Review: Roles, Recertifications, SoD, Privileged Access.
* Cyber resilience & DRP: RTO/RPO, restore tests, TPRM dependencies.
* Data audit: quality, lineage, access controls, GDPR compliance.
Profile
Education & Qualifications
* Master's degree in Information Technology, Computer Science, Information Security, or related field.
* Professional certifications strongly preferred: CISA, CISM, CISSP, CIA, or equivalent.
Experience
* 3-4 years of experience in IT audit, IT risk management, or cybersecurity, preferably in banking, financial services, or a regulated environment.
* Demonstrated experience leading IT audit engagements from planning through reporting.
* International or cross-cultural experience is an advantage.
Skills
* Strong knowledge of IT general controls, information security, cybersecurity frameworks, IT infrastructure, databases, networks, and cloud environments.
* Good understanding of ECB/EBA regulatory expectations, GDPR, and industry frameworks.
* Proven ability to manage stakeholders and communicate effectively with both technical and non-technical audiences.
* Fluent English (written and spoken) is required; French is an asset.
Mindset
* Professional skepticism combined with solution-oriented thinking.
* Strong leadership and mentoring capabilities.
* Adaptability to work in a fast-changing, international environment.
What We Offer
* A strategic role in the Group's Internal Audit function with exposure to senior management.
* Professional development opportunities including advanced certifications and leadership training.
* Participation in audits across diverse geographies and IT environments.
* Hybrid working model, based in Paris.
- Location: Paris (75)
- Job function: Audit
- Contract: Permanent (CDI)
- Experience: 10 years or more
- Education level: Master's degree, DEA, DESS, engineering degree (Bac+5)
- Start date: As soon as possible
- Duration: 0