Technology Risk Manager Information Security

Job Title- Technology Risk Manager Information Security

Corporate Title - VP

Location- Pune, India

Role Description

Corporate Banking & Investment Banking is technology centric businesses, with an increasing move to real-time processing, an increasing appetite from customers for integrated systems and access to supporting data. This means that technology is more important than ever for the business.

Deutsche Bank is one of the few banks with the scale and network to compete aggressively in this space, and the breadth of investment in this area is unmatched by our peers. Joining the team is a unique opportunity to help rebuild the core of some of our most mission critical processing systems from the ground-up.

We are looking for an Information Security specialist to join our Risk and Control team to be responsible for Cyber security working closely with the Information Technology risk and Embedded Risk Team. This involves in summary, Hands-on technical data analysis and control process improvement, Control effectiveness testing, Control Uplift remediations activities and overall ensuring technology and security controls are implemented effectively and sustainably.

The Risk and Control Team ensures the Bank's information control priorities are effectively implemented across Corporate Bank & Investment Bank Technology. The team offers dedicated support for each Chief Information Officer (CIO) business line, advisory services for control responses, and program management services for broad control uplifts. The team's mission is to reduce the organization's technology risk exposure by implementing key bank controls, ensuring appropriate and timely resolution of audit issues, and participating in the Bank's design of control implementations. Therefore, your role would be integral in supporting the front-line management in identifying, assessing/measuring risks, identifying remediation actions, and monitoring risks.

Your key responsibilities

At Risk & Control Governance team, you will be responsible for activities involving Information Security controls and will partner with the CB & IB Tech risk team, CIO teams and Risk Leads to ensure overall risk posture for the area is improved. Able to liaise with Risk leads, senior stakeholders and technology/process owners on reporting, technical data analysis, process improvements and tracking of key deliverables for control uplifts and ensuring operational effectiveness of controls are tested and reported. To be successful in this role the below are key responsibility areas:

• Strong experience in Risk identification, assessment, treatment and monitoring of information security and cyber security risks across the IT landscape
• Lead information and application security control uplift programs in the Cyber Hygiene including application code scan, application threat monitoring etc
• Deep technical knowledge in Cyber Security and Information security guidelines and frameworks like NIST, ISO27001
• Governance analysing data gaps related to control uplifts, emerging patterns of compliance deterioration by technology, remediation responsibilities.
• Regulatory and Audit management support: Provide analysis and supporting evidence review to improve quality of audit evidence submission for critical audit response/closure
• Provide assistance to application teams on Information Security control implementation requirements. Drive proactive risk culture within the organization.
• Control Uplift Remediation: Ensures Information Technology and Information Security risk remediation programs are initiated and executed in line with Deutsche Bank policies and frameworks. Also work with policy owners and control owners to improve processes and tooling.
• Work with the control teams to identify and resolve potential issues in Information Security control design. Identify and resolve implementation issues. Suggest effectiveness metrics, ensure control design includes proper evidence, and provide input to the design and effectiveness of centrally provided tooling
• Ad hoc projects related to Information Security.

Your skills and experience

• Must have excellent knowledge and conduct Cyber Security control assessments and experience supporting it and related Certification preferred (CISA, ISO27001, etc)
• Good understanding of IT Governance, Risk and compliance principles, as well as IT Controls in all disciplines of technology domains
• Good familiarity in conducting Cyber security Control effectiveness testing based on specific risk patterns.
• Good familiarity with general Patching concepts and challenges in critical technologies (Java, Oracle, UNIX, etc.), PVG process and CVE advisory process for vulnerabilities
• Advanced verbal and written communication skills to present ideas and concepts effectively
• Demonstrable familiarity with concepts of Technology Roadmap Compliance, Patching lifecycle knowledge especially Java, Oracle, Disaster Recovery planning and testing
• Desirable experience providing support for external regulatory examinations or audits
• Desirable experience in assessing risk, writing issues, and developing appropriate corrective actions.