Job ID: R0325135
Full/Part-Time: Full-time
Regular/Temporary: Regular
Listed: 2024-07-03
Details of the role and how it fits into the team
The Chief Security Office (CSO) is responsible for the creation, maintenance, and implementation of the Information Security strategy of Deutsche Bank Group. CSO steers the measures derived from the Information Security strategy and provides guidance to employees regarding the identification, development, implementation, and execution of all processes which serve to reduce Information Security risk, to respond to incidents, and to establish appropriate policies and standards for Information Security management.
The CSO Central Embedded Risk Team (“ERT”) is part of the CSO organization and located within the CSO Third Party, Regulatory, Risk & External Engagement and CISO EMEA & Germany team (TREE & CEG). The primary objective of the role is to drive the risk and control agenda, which translates into assisting, facilitating, managing, and monitoring all aspects of Information Security risks. This includes internal and statutory Audit coordination, Findings Management support and Risk Reporting. The ERT works together with all stakeholders in the CSO divisions on a day-to-day basis.
Your key responsibilities
Each year, CSO participates in the statutory audit and regulatory requirements. The purpose of the audit is to assess the adequacy and effectiveness of internal IT controls relating to Identity and Access.
Main responsibilities are:
Coordinate external Audit activities within CSO, participate in fieldwork phase of the Audit.
Run regular CSO internal reports.
Provide support on delivering audit requests effectively.
Provide an overview to management / the ERT head on a regular basis.
Work with the CSO ERT Lead on further enhancement activities, which will include discussions with various stakeholders, including senior management.
Your skills and experiences
Skills You Will Need:
Extensive experience in Information Security & Risk Management area (Identity & Access Controls, experience in ISMS domains, auditing, and enterprise risk management), preferably in the financial industry.
Experience with Risk Management and Audit tools.
Experience in global and diverse teams across different time zones and within a matrix environment, as well as project management with strong analytical and problem-solving skills.
University degree in Computer Science / (Commercial) Information Technology or equivalent qualification, professional / industry recognized certifications (e.g. CISA, CCSP, CISSP, CISM/CRISK) are highly beneficial to cover a broad range of Information Security areas where relationship with the Business or IT is required.
Minimum of 4 years' experience in Information Security & Risk Management.
Excellent knowledge of MS Office standard applications.
Skills That Will Help You Excel
Strong understanding of cyber security standards (e.g., NIST, ISO27001, ITIL) and knowledge of the regulatory environment in the financial sector (e.g., BAIT, SOx, MAS, Cyber Security guidelines).
Strong verbal and written communication skills and the ability to communicate at all hierarchy levels; fluent in English (German language is beneficial).
Clear understanding of the relationship between IT risk and how this applies to business processes.
Self-driven, eager to learn, and well-organized team player.
Effective communication and strong interpersonal skills.
The position is offered full-time and part-time.
Tender period: 15.05.2024 – until further notice
Classification: AT1
Equivalent ETV (Postbank tariff): TG 8
Equivalent civil servant salary: LGr C A 12
_________________________________________________________________________
Details of the role and how it fits into the team
The Chief Security Office (CSO) is responsible for creating, maintaining, and implementing the information security strategy of Deutsche Bank Group. CSO steers the measures derived from the information security strategy and advises employees on the identification, development, implementation, and execution of all processes that serve to reduce information security risk,