The IT Compliance Manager & Auditor is responsible for ensuring that INNIO's IT and digital landscape complies with applicable regulatory requirements, internal policies, and recognized industry standards. The role designs, implements, and continuously improves IT compliance and IT governance frameworks that support business scalability, operational resilience, and strategic objectives.
This position acts as a key interface between IT, business stakeholders, internal audit, and external auditors, translating regulatory and compliance requirements into practical controls, processes, and improvement initiatives. By proactively monitoring compliance, assessing risks, and investigating deviations, the role safeguards INNIO's information assets and strengthens the integrity, transparency, and effectiveness of the IT control environment.
What INNIO Offers You
An innovative and international working environment
Flexible working time model (depending on position and role)
Health We Care program - including company sport activities
Moving cost support for new employees in accordance with policy
Good connections to public transport - station in direct proximity
Transportation cost support in accordance with policy
One of the best canteens in the area with healthy and various meals
Attractive location in the heart of the Alps with various outdoor sports and leisure possibilities
Your Responsibilities:
Compliance Management
Design, implement, and maintain IT compliance programs to ensure adherence to applicable laws, regulations, and standards (e.g. ISO 27001, IEC 62443, NIS2, EU AI Act, and similar frameworks).
Continuously monitor changes in IT- and digital-related regulatory requirements and assess their impact on INNIO's systems, processes, and policies.
Coordinate closely with impacted internal stakeholders (IT, Digital, Legal, Finance, Engineering, etc.) to introduce, communicate, and embed required changes into the organization.
IT General Controls (ITGC) & SOX Compliance
Plan, coordinate, and execute ITGC and SOX-related compliance activities in cooperation with external auditors, internal audit, and external consultants.
Perform ITGC assessments covering areas such as access management, change management, IT operations, and system development controls.
Identify, document, and assess control deficiencies, including root cause analysis and risk impact evaluation.
Define, implement, and track remediation actions and compensating controls to address identified deficiencies in a timely manner.
Audits, Reviews & Assurance Activities
Conduct regular internal IT compliance audits, reviews, and risk assessments to evaluate the effectiveness of controls and identify areas of improvement.
Serve as a key point of contact for external and internal auditors, supporting audit preparation, execution, and follow-up activities.
Develop, manage, and monitor action plans resulting from audit findings, compliance gaps, or regulatory observations.
Reporting, Training & Stakeholder Engagement
Regularly report compliance status, key risks, audit outcomes, and improvement initiatives to senior management.
Develop and deliver training and awareness sessions on IT risk management, compliance obligations, and control responsibilities for IT staff and relevant business functions.
Promote a strong culture of compliance, risk awareness, and accountability across the organization.
Leadership & Continuous Improvement
Manage and mentor members of the IT Governance and Compliance team, fostering professional development and high performance.
Define and track relevant service metrics, SLAs, and KPIs related to IT compliance and control effectiveness, driving continuous improvement initiatives.
Your Profile:
Bachelor's degree in Information Technology, Computer Science, Information Systems, or related field
Minimum of 5 years' experience in IT compliance, IT audit, IT risk management, or related discipline
Hands-on experience with ITGC and SOX compliance in international or complex IT environments
Proven experience working with internal and external auditors, and regulatory bodies
Professional certifications such as CIA or CISA are highly desirable
Excellent analytical, investigative, and problem-solving skills with high attention to detail
Strong knowledge of IT governance, risk management, and compliance frameworks
Ability to translate regulatory and technical requirements into practical processes
Strong communication and stakeholder management skills across technical and non-technical audiences
Ability to manage multiple priorities, meet deadlines, and work independently in a dynamic environment
At INNIO, we offer an attractive compensation package that is above the collective agreement for the metal industry. Your qualifications and experience will be considered in an open dialogue during the recruiting process to ensure a market-competitive compensation package.