
PKF Wulf Gruppe · Stuttgart
EINTRITTSDATUM Ab sofort GESTALTE DEINE ZUKUNFT MIT UNS – ÜBERNIMM SPANNENDE AUFGABEN UND WACHSE AN DEINEN HERAUSFORDERUNGEN Du hast bereits Berufserfahrun...
Ab sofort
GESTALTE DEINE ZUKUNFT MIT UNS – ÜBERNIMM SPANNENDE AUFGABEN UND WACHSE AN DEINEN HERAUSFORDERUNGEN
Du hast bereits Berufserfahrung gesammelt und möchtest dein Wissen im Bereich IT Audit weiterentwickeln?
Mit den erweiterten Anforderungen des Prüfungsstandards ISA 315 gewinnt die Prüfung von IT-Systemen und IT-Kontrollen zunehmend an
Bedeutung. Unterstütze unsere Audit-Teams dabei, IT-gestützte Prozesse und Systeme unserer Kunden zu analysieren und Governance-,
Risk- und Compliance-Anforderungen sicherzustellen.
„Berate die Berater“ und begleite unsere Kunden bei der Weiterentwicklung ihrer IT-Kontrollen und Prüfungsprozesse.
Umstellungen
und automatisierten Applikationskontrollen in Prozessen
oder ERP-Systeme wie SAP/Microsoft
Gestalte deinen Tag flexibel mit Vertrauensarbeitszeit. Mobiles Arbeiten und realer Überstundenausgleich sorgen für deine
Work-Life-Balance. Regelmäßige Fortbildungen und Unterstützung bei Berufsexamina machen dich zum Game-Changer im Business.
Gemeinsame Events und echter Teamspirit treiben dich an. Hier bist du ein Teil davon. Wir sind mutige Möglichmacher und
Zukunftsgestalter!
Dann nutze die offene Bewerbung, um dich mit deinen Fähigkeiten oder Wünschen vorzustellen und wir finden den passenden Platz für
dich!
Wir freuen uns über deine Bewerbung direkt über unser Upload-Formular!
Melde dich bei Fragen jederzeit gerne.
Elisabeth Paukstadt
WORUM ES GEHT Als Senior Consultant im Bereich Cloud Compliance & Governance berätst du unsere Kunden dabei, ihre Cloud-Umgebungen regulatorisch konform, sicher und nachhaltig zu gestalten. Du arbeitest an der Schnittstelle zwischen Recht, Regulatorik und Cloud-Technologie – in wechselnden Kundenprojekten, von mittelständischen Unternehmen bis hin zu Konzern-Umgebungen und kritischen Infrastrukturen. Dabei kombinierst du tiefes Fachwissen in Compliance-Frameworks mit Beratungskompetenz: Du leitest die Analyse, Konzeption und Umsetzung von Compliance-Strategien, Governance-Frameworks und regulatorischen Anforderungen – von DSGVO über NIS2 bis hin zu EU AI Act und BSI-Grundschutz. DAS BEGEISTERT DICH * Beratung von Kunden zu Cloud Compliance Strategien und regulatorischen Anforderungen (DSGVO, NIS2, DORA, KRITIS, EU AI Act) * Aufbau, Weiterentwicklung und Betrieb von Informationssicherheitsmanagementsystemen (ISMS) * Durchführung von Compliance Assessments, Reifegradanalysen und internen/externen Audits (1st & 2nd Party) * KonzeptionundImplementierungvon Cloud Governance Frameworks, Cloud Policy Management und Cloud Operating Models * Einführung und Optimierung von MicrosoftPurview(alle Module: DLP, eDiscovery, Records Management, MIP, Insider Risk) * Gestaltung von DataGovernancePlattformen, Information Lifecycle Management und RetentionPolicies * Beratung zu Datenschutz (DSGVO), PrivacybyDesign und DigitalSovereignty(EU Sovereign Cloud, Gaia-X) * Begleitung von Third Party Risk Management und Vendor Assessment Prozessen * Aufbau von Compliance Reporting & Dashboards und Compliance Management Plattformen (GRC) Das bringst du mit * Mehrjährige Erfahrung in IT-Compliance, Datenschutz, CloudGovernanceoder GRC-Beratung * Fundierte Kenntnisse in mindestens einem Compliance-Framework: ISO 27001, BSI-Grundschutz, DSGVO, NIS2, DORA o.ä. * Kenntnisse in Microsoft 365 / Azure Compliance-Lösungen, idealerweise MicrosoftPurview * Verständnis von Cloud-Architekturen und CloudGovernance-Konzepten * Du kannst komplexe regulatorische Anforderungen verständlich für Kunden erklären und in technische Konzepte übersetzen Nice to have * Microsoft-Zertifizierungen(z. B. SC-401: Information Protection & Compliance Administrator; MS-102: Microsoft 365 Administrator Expert; SC-900: Security, Compliance & Identity Fundamentals) * ISACA-Zertifizierungen(z. B. CISA: Certified Information Systems Auditor; CISM: Certified Information Security Manager; CRISC: Certified in Risk and Information Systems Control) * IAPP-Zertifizierung CIPP/E: Certified Information Privacy Professional/Europe (DSGVO-Fokus) * ISO 27001 Lead AuditoroderLead Implementer (z. B. PECB, BSI Group) * Erfahrung in Beratungsprojekten oder externen Kundenumfeldern * Kenntnisse in weiteren Regularien (EU AI Act, KRITIS,eIDAS, FiDA) * Erfahrung mit GRC-Plattformen oder Compliance Management Tools Typische Technologien & Themen * Microsoft Purview (alle Module: DLP, eDiscovery, Records Management, MIP, Insider Risk Management) * Microsoft 365 Compliance &Governance * Cloud Plattformen: Microsoft Azure / AWS / GCP * Compliance-Frameworks: ISO 27001, BSI-Grundschutz, DSGVO, NIS2, DORA, EU AI Act * Cloud Governance Framework & Cloud Policy Management * DataGovernance, Information Lifecycle & eDiscovery * GRC-Plattformen & Compliance Reporting WARUM WIR? Dein Onboarding bei Comma Als Senior Consultant bringst du fundierte Expertise und fachliche Expertise mit - darauf bauen wir auf. Deshalb konzentriert sich dein Onboarding auf das Wesentliche: die richtigen Kontakte, ein tiefes Verständnis unserer Kultur und Arbeitsweise sowie Orientierung in unseren Strukturen und Entscheidungswegen. Ein strukturierter Austausch mit erfahrenen Kolleg unterstützt dich dabei, schnell die relevanten Netzwerke aufzubauen und dich im Unternehmen zu verorten. Gleichzeitig lernst du unsere Methoden, Prozesse und Comma-spezifischen Arbeitsweisen kennen. So findest du schnell die Hebel, mit denen du bei Comma und in Kundenprojekten wirksam werden kannst. Unsere Benefits * Du arbeitest an vielfältigen Projekten bei DAX-Konzernen und führenden Mittelständlern. * Innovative, interdisziplinäre Themen verbinden wissenschaftlichen Tiefgang mit echter Hands-on-Mentalität. * Du hast viel Platz für eigene Ideen und kannst eigenverantwortlich gestalten und handeln. * Flexible Arbeitszeiten, freie Standortwahl, Überstundenausgleich und Reisezeit, die als Arbeitszeit zählt, geben dir die Freiheit, Beruf und Privatleben nach deinen Vorstellungen zu gestalten. * Ein faires Fixgehalt plus Bonus, Jobrad, Top-Ausstattung und viele weitere Benefits runden dein Paket ab. * Individuelle Weiterbildungs- und Laufbahnprogramme begleiten dich während deiner gesamten Zeit bei Comma Soft. * Erfahrene Profis und Newbies arbeiten direkt zusammen – unterstützt durch ein strukturiertes Mentoring. * Ob Gipfelis (monatliche Mitarbeitertreffen), Grillen auf der Dachterrasse, GamesNights oder Sommerfeste mit deinen Liebsten – wir feiern gerne und oft zusammen.
The Role We are looking for a Cybersecurity Consultant to join our Cyber Consultancy team in Belfast. This is a hands-on consulting role focused on delivering cybersecurity and information security engagements, with a strong emphasis on ISO27001 implementations, audit readiness, and governance, risk, and compliance (GRC). You will lead client engagements end-to-end, from initial assessment through to implementation and audit, working closely with client stakeholders to deliver practical, measurable outcomes. What You Will Do Engagement Delivery: * Lead new and existing information and cybersecurity engagements. * Deliver ISO27001 implementations, from gap assessment through to certification readiness. * Deliver cyber incident exercising, including tabletop scenarios and simulations. Audit & Assurance: * Lead internal audits aligned to ISO27001. * Support clients through external audits and certification processes. * Drive remediation activities to close audit findings and strengthen control effectiveness. Risk & Compliance: * Conduct risk assessments and support the development of risk treatment plans. * Develop and implement policies, standards, and controls aligned to ISO27001. * Support clients in embedding effective governance, risk, and compliance practices. Stakeholder Management: * Work directly with client stakeholders to manage delivery, expectations, and outcomes. * Communicate clearly with both technical and non-technical audiences. * Manage multiple engagements and priorities effectively. What You Will Bring Essential: * Minimum 5 years’ experience in cyber or information security roles, with a focus on governance, risk, and compliance. * Proven experience delivering ISO27001 implementations end-to-end, including audit readiness. * Hands-on experience leading internal audits and supporting external audits. * Strong, practical knowledge of ISO27001 and ISMS implementation. * ISO27001 Lead Auditor certification. * Experience in consulting or project-based environments, with strong stakeholder management and communication skills. Nice to Have: * Experience delivering cyber incident exercising. * Knowledge of additional frameworks such as: * CAF (Cyber Assessment Framework) * NIST Cyber Security Framework * ISO22301 Lead Auditor certification (Business Continuity). * ISO42001 Lead Auditor certification (AI Management Systems). * Experience working in regulated or public sector environments. * Eligibility for, or holding, UK Security Clearance (SC). Why Join Instil? At Instil, we believe great work starts with happy, motivated people. That’s why we’ve built a benefits package that supports your wellbeing, growth, and life outside of work, because when you thrive, so do we. * Recognition That Matters: A discretionary annual performance bonus that rewards your impact and contribution to our success. * Flexibility Built In: Flexible working arrangements and summer hours, because life isn’t 9 to 5, and balance matters. * Financial Security: A highly competitive pension scheme with generous employer contributions, private healthcare, and life assurance for peace of mind. * Health & Wellbeing: Employee Assistance Programme, mental health support, cycle-to-work scheme, and regular social events to keep our culture vibrant. * Time to Recharge: 35 days holiday, enhanced maternity pay, and family-first policies so you can focus on what matters most. * Learning Never Stops: From courses to certifications, we’ll invest in your development so you can keep growing and shaping what’s next. * Community & Culture: Opportunities to volunteer, give back, and be part of initiatives that make Instil a truly inclusive and connected workplace. And that’s just the start, drop us a note to find out more. Company Description Instil has been delivering world-class software engineering and technology solutions for over 20 years, trusted by global brands to solve complex challenges and drive innovation. From modernising legacy systems to building cutting-edge applications, we help our clients navigate an ever-changing digital landscape with confidence and agility. We’re proud to be an award-winning employer, reflecting how our people are at the heart of everything we do: * Recognised as a Great Place to Work® for three consecutive years, and in 2024 ranked in the Top 20 Best Workplaces in the UK for medium-sized companies. * Winner of Company of the Year at the Digital DNA Awards 2022, celebrating excellence in Northern Ireland’s tech sector. Driven by a love for technology and a commitment to excellence, we bring together people who want to make a difference. We’ll support your journey, because your success is part of ours. #LI-PR1 #InstilCareers
Since being founded in 2018, Copper has been building the standard for institutional digital asset infrastructure with a focus on custody, collateral management, and prime services. Led by Amar Kuchinad, Copper's Global CEO, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology – the gold standard in secure custody. Copper’s multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody. Built on top of this state-of-the-art custody, ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges, and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop is rapidly reshaping the way asset managers trade and manage capital. In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets. Department/Team Purpose: Copper provides institutional digital asset custody, settlement, and collateral management services across a wide range of blockchains and integrated venues. Information Security protects the firm's platforms, client assets, and regulated entities across the group. Role Purpose: The Principal Security Architect is the senior technical authority for security architecture at Copper. The role reports to the CISO and partners closely with Engineering. The holder sets architectural direction, reviews and approves designs for major change, and acts as the firm's reference point on the security of the systems, protocols, and integrations Copper depends on. The role is predominantly architecture and assurance, with limited hands-on solution design in the cloud and integration space where reference patterns are needed. Key Responsibilities: Architectural authority * Hold formal security sign-off authority for major changes to Copper's platforms, infrastructure, and integrations. * Shape and maintain the security architecture patterns, principles, and reference designs that engineering teams build against. * Provide the senior technical security position in architectural and business decisions, including escalations where security and delivery pressures conflict. Custody, signing, and cryptographic architecture * Provide architectural security leadership over Copper's signing infrastructure, working alongside specialist engineering and cryptography teams. Scope covers the people, process, and operational design around MPC-based signing. Solid conceptual grounding in threshold cryptography and signature schemes is required; cryptographer-level work is not. * Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations. * Provide architectural assurance over chain-of-trust constructs adjacent to custody, including verifiable build pipelines, hardware-backed code signing, and authenticator-bound administrative paths. Multi-chain and integration security * Reason at architectural depth across the range of blockchains Copper supports, including EVM, UTXO, and account-based non-EVM families. This requires a working understanding of transaction construction, signing semantics, consensus assumptions, and validator and staking models across these environments, without being a protocol engineer in any of them. * Assess third-party smart contract architectures, implementations, and audit reports to a level sufficient to understand the exploit and risk surface, without performing line-by-line code review. * Review first-party integrations with partner networks, including those underpinning staking and similar on-chain participation, and form a defensible security position on the operational and contract risk Copper inherits. Settlement, collateral, and off-exchange architecture * Provide architectural ownership of the security model for Copper's settlement, collateral mirroring, and off-exchange product surfaces. * Reason about the trust boundaries between Copper, venues, and clients, and ensure architectural controls match the obligations each side carries. Identity and access architecture * Own identity and access architecture as a dedicated pillar of the role. * Set patterns for workforce, workload, and third-party identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. * Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators. Cloud and platform security * Maintain working architectural fluency in both AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry. * Produce reference patterns and, where needed, direct integration designs in the cloud and platform space. Third-party and protocol risk * Lead technical security review of vendors, integrated venues, and protocols, including challenge of assurances that do not stand up to scrutiny. * Support client and counterparty due diligence on the technical content most likely to be misrepresented or under-specified. Policy, regulatory, and assurance support * Maintain a working understanding of the regulatory regimes applicable to Copper's licensed entities sufficient to translate architectural decisions into language Compliance and GRC can defend. Primary ownership of regulatory positioning sits elsewhere. * Contribute to security policy, standards, and control framework development as the senior technical reviewer. * Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome. Skills and Experience: Essential * Multi-chain architectural literacy. Able to reason across EVM, UTXO, and non-EVM account-based chains at the level of transaction construction, signing, consensus, and validator models. Comfortable assessing third-party smart contract designs, implementations, and audit reports for exploit and risk surface without performing code review. * Custody and signing architecture. Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle. Able to design and challenge the operational architecture around signing, separation of duties, approval policy, key ceremony equivalents in MPC, and recovery, to a high standard. * Settlement and collateral architecture. Demonstrable experience reasoning about settlement, collateral, and off-exchange constructs, including trust boundaries between custodians, venues, and clients. * Identity and access architecture. Senior-level experience designing and governing identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Comfortable with entitlement governance and third-party access design. * Cloud security. Working architectural understanding of AWS and Azure, including the ability to produce reference patterns and limited direct integration designs. * Architectural authority and judgement. Track record of holding sign-off on significant designs, taking defensible positions under uncertainty, and owning residual risk. * Change review and assurance. Comfortable reviewing the work of engineering peers, infrastructure changes, and vendor designs, and able to hold the line where it matters. * Communication. Able to operate credibly with engineers, senior business stakeholders, auditors, and regulators in the same week, without losing precision at any of them. Desirable * Familiarity with chain-of-trust constructs including verifiable builds, reproducible build pipelines, and hardware-backed code signing. * Awareness of the regulatory landscape relevant to digital asset custody and trading (for example FCA, FINMA, FSRA / ADGM, MiCA). * Compliance familiarity across ISO 27001, SOC 2, and NIST CSF / 800-53, with the ability to map controls cleanly between them. * Enterprise architecture grounding (TOGAF, SABSA) where it complements rather than replaces technical depth. Why Copper? At Copper, we keep innovation, openness, and curiosity at the centre of everything we do. Here, bold ideas get the spotlight, learning is constant, and diversity shapes our team from the ground up. Jump into a fast-moving, dynamic team that loves a challenge and knows how to have fun along the way. Collaboration is just as important as results—you’ll be surrounded by smart, driven colleagues in London and across our APAC, Switzerland, UAE, and US offices. Hybrid working model – we believe in the value of bringing people together and at the same time we embrace the adaptability of flexibly working. Diversity and inclusion matter to us – they’re woven into Copper life. From employee-led groups like Women at Copper to a committee focused on community and wellbeing, you’ll have a network that supports you from day one. Everyone voice matters. If you’re looking to ramp up your career, or keen to do something new in your field, with us, you’ll keep moving forward. Ready to make your mark, keep growing, and join a supportive, dynamic team? Copper’s the place. The interview process at Copper Our interview process is designed to be thoughtful, efficient, and engaging. While specific steps may vary slightly depending on the role, the typical journey includes: 1. Initial Screening A brief conversation with our Talent Acquisition team to explore your background, motivations, and alignment with the role. 2. Technical Interview A virtual session conducted via Microsoft Teams, where you'll engage with team members to discuss relevant skills, problem-solving approaches, and technical experience. 3. In-Person Interview A conversation focused on team dynamics, collaboration style, and any final technical questions. This may be with cross-functional peers or leadership. Additional steps may be added based on the role's complexity or seniority. We aim to keep the process transparent and respectful of your time. Benefits In return for everything you can bring to Copper, we can offer you an exciting, challenging role in a fast-growing and dynamic business, with career opportunities and welcoming working environment. Some of our key UK benefits are highlighted below: * Paid Time Off - A minimum of 35 days of paid time off per year, inclusive of annual leave and public holidays. Employees also receive one additional day of annual leave for each year of service. * Comprehensive Medical Insurance - Inclusive of dental, optical, audiology, and mental health coverage, with medical history disregarded * Life Insurance * Enhanced Pension Contributions - Includes an enhanced employer matching contribution * 24/7 Employee Assistance Programme (EAP) If you think you have everything we're looking for and more, then we'd love you to apply for the opportunity. Copper is an equal opportunity employer. We embrace diversity and equal opportunities in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. So, bring us your experience, perspectives, and skills. It is in our differences that we will continue to grow and ensure Copper is transforming how institutional investors engage with digital assets. Copper is a Disability Confident Employer, please let us know if you have a disability. If you require us to provide any assistance during the recruitment process, then we would ask you to highlight this to us and we will be happy to accommodate.