Specialist ICT Risk Assurance

Your career at Deutsche Börse Group
Your area of work:
The department Chief ICT Risk Officer / CISO combines IT & IS Risk Management in the 2nd Line of Defense. The department's mandate is to set the IT and IS risk governance and framework, set the control objectives, control review methodology and risk assessment methodology, conduct independent risk assurance of 1st LoD IT and IS controls, and independently monitor and report on the level of IT and IS risk as well as to drive transformation and collaboration.

As a Specialist, you will be working on assuring that material technology and information security risks are effectively identified, assessed, reported, and remediated.

Your Responsibilities:

• Prepare and execute assessments / testing to ensure that the control requirements are effectively implemented by first line
• Identify areas of weakness and potential for improvement, devising practical solutions to enhance controls and processes
• Prepare detailed assessment reports and communicate findings to relevant stakeholders
• Provide expert guidance and support to enhance the organization's security posture
• Follow up on results and recommended improvements related to assessments to ensure timely resolution and implementation
• Contribute to the continuous improvement of ICT Risk Assurance methodologies, frameworks, and processes to ensure their ongoing effectiveness
• Support the development and organization of the scope for ICT Risk Assurance activities
• Validate regulatory findings and corrective actions to ensure compliance with relevant regulations and standards

Your profile:

• Successfully completed university degree (bachelor, master, or comparable) in a relevant field
• Minimum 2 years of experience in IT/Information Security, ideally in external/internal audit, second line assurance, or implementation roles
• Experience in Cloud Security, Network Security, Vulnerability Management, Security Information and Event Management (SIEM), Privileged Access Management (PAM), Threat Intelligence, Incident Response, or related domains is an advantage
• Experience in the financial sector, preferably within EU-regulated environments; familiarity with BAIT, MaRisk, CSSF, and DORA is a plus
• Proven knowledge of common IT standards such as CSA-CCM, COBIT, BSI Grundschutz, ITIL, ISO/IEC 27000 series and professional certifications, e.g. CISA, CISM, CISSP, CEH, or CIA are preferred
• Strong understanding of the Three Lines of Defense model, risk management frameworks, methodologies, and best practices
• High analytical skills, quick conceptual understanding of complex matters and thinking outside the box
• Strong interpersonal and communication skills, with the ability to engage senior stakeholders effectively
• Very good knowledge of English language, both written and spoken; German is an advantage