Lead IT Auditor & Tech Risk Expert - H/F/X

Pionnier des ventes événementielles en ligne depuis 2001 et acteur incontournable du e-commerce en Europe, Veepee collabore avec plus de 7 000 marques pour proposer des produits à forte décote, disponibles sur une durée limitée. Présent dans de nombreux univers parmi lesquels la mode, la maison, le vin, le voyage, ou encore la beauté ... Veepee a réalisé en 2024 un chiffre d’affaires de 3,3 milliards d’euros TTC et compte 5 000 collaborateurs répartis dans 10 pays.

📄 JOB DESCRIPTION:
• As a Lead IT Auditor & tech Risk Expert, you will play a pivotal role in strengthening the Group’s control environment and technology resilience. Reporting to the Group Risks & Control Department, you will independently conduct complex IT audit engagements while serving as a senior expert on technology risks, cybersecurity, compliance, and governance.

• You will join a team that bridges Permanent Control (risk management, compliance , cybersecurity, data protection) and Periodic Control (internal audit), allowing you to work cross-functionally and contribute directly to the Group’s risk governance and long-term stability.

• The Group Control Department (DCG) is a strategic and independent function reporting directly to the Chairman and CEO. Its mission is to secure the Group’s management by identifying and controlling risks, strengthening the organization through internal control, and ensuring its stability through regular audit missions.

🎯 TASKS:
• IT internal control & Audit
• Design, plan, and independently conduct IT audit assignments covering the Group's critical systems, infrastructure, applications, cloud environments, and processes.
• Assess the robustness of IT controls & Test its application : access management, system security, backups and restoration, configuration, business continuity, change management, logging, etc.
• Perform in-depth technical tests, analyze root causes, and challenge the operational effectiveness of control mechanisms.
• Prepare clear and structured audit reports, summarizing findings, associated risks, and actionable recommendations.
• Monitor the implementation of audit recommendations & remediation plans and evaluate their effectiveness over time.
• Contribute to the annual IT audit plan by identifying emerging risks (e.g., cloud computing, AI, cybersecurity).

• Cross-Functional Collaboration & Influential Expertise
• Collaborate with cybersecurity, compliance, internal control, internal audit teams and IT on various projects to ensure a comprehensive view of IT and operational risks
• Assess the alignment of IT practices with internal policies, regulatory requirements (GDPR, NIS2…), and recognized governance and control frameworks (ISO 27001, NIST, COBIT, ITIL).
• Identify and analyze technology-related risks affecting data security, availability, integrity, and confidentiality.

• Continuous monitoring & senior expertise
• Maintain a high level of expertise in technologies, architectures, cyber threats, norms, and audit standards.
• Act as an internal expert on IT audit, technology security, and risk management issues.
• Propose areas of innovation to modernize IT auditing and increase the depth of analysis.

👉 MUST HAVE skills:
• 5–8+ years of relevant experience in IT audit, cybersecurity, IT risk management, or technology assurance.
• Solid knowledge of IT governance, risk management, and internal control frameworks (e.g. COBIT, ITIL, ISO 27001, NIST).
• Strong understanding of IT infrastructure, networks, databases, cloud environments, and cybersecurity principles.
• Ability to analyze complex IT systems and identify operational and security risks.
• Experience in conducting IT audits, including planning, testing, and reporting.
• Familiarity with regulatory and compliance standards (e.g., GDPR, PCI DSS, NIS2).
• Excellent analytical and problem-solving skills, with a detail-oriented mindset.
• Strong written and verbal communication skills for reporting and presenting audit results clearly and effectively.
• Ability to work independently while maintaining collaboration with IT and business teams.
• Degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field.

👉 NICE HAVE skills:
• Professional certifications are a strong plus (CISA, CISM, CRISC, ISO 27001 Lead Auditor, CCSK, etc.)
• Having worked in a consulting firm is a plus.

✅ AVANTAGES:
• 👉 Prime variable
• 👉 Participation & intéressement
• 👉 Télétravail possible jusqu'a 2 jours / semaine
• 👉 Plateforme d'apprentissage des langues en ligne
• 👉 CSE et ses nombreux avantages
• 👉 Chèques CESU et chèques vacances
• 👉 Accès à la restauration d'entreprise et des frigos connectés (Foodles, Kumo, Bolk)
• 👉 Accès à la salle de sport

We are convinced that it is up to you to define the way you work, to develop yourself and to progress. At Veepee we guarantee that you can just be yourself!For the service of diversity and inclusion, Veepee is committed to reviewing all applications received on an equal basis.
🔗COMPANY For more information about our ecosystem : https://careers.veepee.com/en/home-page-en/