Information Security Specialist, AVP

Role Description

Chief Security Office is responsible for the creation, maintenance and implementation of the information security strategy of Deutsche Bank Group. CSO steers the measures derived from the information security strategy and provides guidance to employees regarding the identification, development, implementation and execution of all processes which serve to reduce information security risk, to respond to incidents, and to establish appropriate policies and standards for information security management.

CSO division, Business Information Security and Governance, defines Information Security control objectives and conducts inclusive, reliable, threat-oriented, and risk-driven Information Security control / capability testing & governance to satisfy regulatory and organizational requirements. Team is located in the Banks major business hubs in Germany, the United States of America and India.

Your key responsibilities

• Design Test cases to evaluate the IS capability / control design effectiveness and operational effectiveness
• Executes day-to-day operational IS control testing work and contributes to the delivery of the testing and monitorin function and manages scope of deliverables.
• Undertakes testing assignments, drafts test findings for review, facilitates issue tracking and validates them to closure.
• Drafts high quality test reports for review by senior management, facilitates finding tracking and validates actions taken to remediate previous test findings.
• Executes IS Control effectiveness test fieldwork in line with the agreed test approach e.g. documenting Process Flows, identification of key risks, testing of key controls to determine whether they are properly designed and are operating effectively and documenting work in accordance with standards.
• Acts as a competent partner to clients in the closure process of findings.
• Communicates openly with management and the internal stakeholders; keeps them informed of potential findings and escalate problems/delays accordingly.
• Proactively develop and maintain professional consultative working relationships with the CSO function, clients and respective support areas and will use a range of approaches to collect relevant information to assess key risks.
• Define key operational procedures where necessary and ensure adherence
• Focus on utilizing the capacity in an efficient and effective manner. Monthly tracker to be maintained
• Represent the process and provide inputs for the Monthly and Quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality
• Partners with other divisional/teams during IS Control effectiveness tests engagement to use a collaborative approach.

Your skills and experience

Mandatory

• 3-5 years of work experience in the Information Technology area (common operating systems, databases, threat operations, vulnerability management, cloud security, as well as cryptographic topics) or in IT Audit, preferably in the financial industry
• lear understanding of the relationship between IT risk and how this applies to business processes
• Project management experience with strong analytical and problem-solving skills
• Effective communication and strong interpersonal skills
• Experience in global and diverse teams across different time zones and within a matrix environment
• University degree in Computer Science / (Commercial) Information Technology or equivalent qualification
• Ability to monitor, track and clearly communicate progress, escalate issues when appropriate
• Positive attitude and proactive behavior
• appearance and strong verbal and written communication skills and the ability to communicate on all hierarchy levels. Fluent in English.
• Self-driven, eager to learn and well-organized team player

Optional

• Professional / industry recognized certifications (e.g. CISA, CCSP, CISSP, OSCP) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required
• Strong knowledge of IS threat analysis and frameworks (e.g MITRE ATT&CK Framework)
• Strong understanding of cyber security standards (e.g. NIST, OWASP, ISO27001) and knowledge of the regulatory environment in the financial sector (e.g. KAIT, BAIT, ESMA cloud guidelines)
• German language is beneficial