Recruitment Manager at Deutsche Bank
Views:527 Applications:53 Rec. Actions:Recruiter Actions:0
Deutsche Bank - Associate - Divisional Business Information Security Officer (6-9 yrs)
Position Description :
The Global Markets Operation (GMO) Divisional Business Information Security Officer (DBISO) is accountable for business information security for his/her assigned software applications. The DBISO cooperates closely with the Chief Information Security Office, Senior Business Management, users of the application population and technology functions to ensure the fulfillment of agreed Information Security services.
The DBISO is expected to possess detailed knowledge of the respective business functions and the applications supporting them, an understanding of regulatory requirements affecting their area of responsibility, and to act as the Subject Matter Expert for the divisional Information Systems (IS) requirements of group-wide information security initiatives.
Position Specific Responsibilities and Accountabilities:
Divisional BISO duties include :
Support the Chief Information Security Office in the risk assessment of infrastructure and application assets:
- Ensure Information Security risk assessment and compliance evaluations for assigned infrastructure and application assets are performed within required timeframes.
- Provide business and IS expertise and guidance in support of this process.
- Provide information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility.
- Identify and describe application and business process dependencies (upstream and downstream) for integrity and availability evaluations, including changes to the application environment.
- Review assessment results and track control gap remediation, including follow-up and mitigating control design, and non-compliance dispensation
Support the Business division:-
- Ensure the implementation of controls for identified Information Security risks in their area of responsibility. If this is not possible or not desired, the DBISO ensures that an appropriate dispensation to accept the residual risk identified due to the lack of controls that are obtained.
- Perform quality assurance of application inventory concerning relevant errors and warnings, following up as needed to remediate any business or IS risks identified during this process.
- Collaborate with and support Identity and Access management functions with regard to application recertification (including selection and onboarding to central recertification platform), user groups, entitlements and remediating functional conflicts.
- Partner with the Chief BISO to address requests for IS policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team.
- Collaborate with Chief BISO in review of vendors and provide advice and guidance on critical vendor relationships by reviewing the vendor engagement from an Information Security perspective.
- Provide relevant information and review and support services to the central team to facilitate the vendor reviews.
- Approve the final review document and conclusions.
- Support audit & regulatory engagement, coordinate the collection, review and submission of IS audit deliverables by remediating findings from audit.
- Provide updates to the COO stakeholders
Experience/ Exposure :
Required Competencies :
- Experience of managing projects and co-coordinating resources
- Good understanding of front-to-back trading lifecycle activities or similar experience
- Capable of taking tasks that are only roughly defined, yet involve complex interactions with other tasks and projects, and translating them into concrete initiatives
- First class analytical skills and meticulous attention to detail
- Excellent & concise communicator
- Collaborate with team members or business colleagues on complex projects.
- Ability to work on multiple projects at one time
- Consistent and prompt follow-up practices
- Proactive in finding problems, defining and implementing solutions
- Effective decision making skills
- Strong awareness of risk controls
- Strong relationship abilities with internal departments
- MS Access a plus
- Team player and ability to work independently with minimal supervision.-
Education/ Qualifications :
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager
- Demonstrable experience of managing Information Security in financial services environment
- Experience in risk assessment, risk identification, design and implementation of mitigating controls
- Experience of ISO27001 ISMS framework
- Awareness of financial regulatory requirements (SoX, BaFIN, MAS)
- Experience of identity and access management and role based access control
- Experience in one or more business areas in the bank dealing with complex systems
- Understanding of the transaction lifecycle as it relates to one or more aspects of the investment banking / securities business.