AVP - Divisional Risk and Control Specialist

Role Description;

- As an Information Security Officer (ISO) you join a specialist team within the Investment Banking Operations Division at India reporting to the Divisional Information Security Head. Deutsche Bank applies a three Lines of Defense (LoD) model to manage its financial and non-financial risks and this team is part of the frontline army that maintains an effective risk management framework and supporting the implementation of a central governance structure.

- You should have a working knowledge of information security risk standards and best practices and their application in large financial institutions. Maintaining subject matter expertise is considered critical in the current environment, based on external threats and envisaged digital and automation enhancements to the existing operating model with the ability to effectively communicate and challenge technical experts as well as senior management.

Your key responsibilities:

- To ensure the execution of information security risk assessments and compliance evaluations for applications assigned to them. From an information security perspective, the ISOs assume ownership for these applications.

- To ensure the execution of information security risk management in their area of responsibility as additionally defined by the D-ISO (e.g., conducting risk assessments on an organizational basis, implementing management action plans to mitigate identified risks)

- Perform risk assessments on processes and projects from an information security perspective. Liaise with subject matter experts (e.g., in IT, Legal, Group Data Protection, Compliance etc.) to gauge severity of security gaps.

- To ensure the implementation of controls for identified information security risks in their area of responsibility. If this is not possible or not desired, the ISOs ensure that an appropriate dispensation to accept the residual risk identified due to the lack of controls is obtained via the Risk Acceptance Process as described in the DB Group Policy

- End to end understanding and hands on experience of End user recertification process Ensuring robust user management process that adheres to the principles of least privileges.

- Onboarding new applications to the bank's recertification platforms, coordinating the bank's recertification process by interacting with stakeholders involved such as the business, Identity and Access Management team and IT.

- To manage Segregation of duties, Toxic combination, Functional Taxonomy and keep them updated/accurate regularly.

- To provide timely updates to the D-ISO regarding the aforementioned information security management tasks

- Implementing the Group Information Security risk management framework by supporting the definition of and ensuring adherence to established risk appetite.

- As a member of the Divisional Information Security team, you are also responsible for contributing to regional as well global projects and maturing the function.

- Identification and management of information security risks within your product area and application portfolio

- Develop an area of expertise and knowledge in information security topics and support the business during various audits.

- Ensuring adequate governance and controls within the process.

Your skills and experience:

- University degree with minimum of 8+ years of experience in information security, risk management, or similar background in the business or having worked with a business unit of advantage.

- In-depth knowledge of different Information security standards for banks/financial institutions.

- Flexible to work in different time zones and ability to work under pressure and tight deadline.

- Ability to manage, multi-task assignments and efficiently prioritize workload with limited supervision and resilient under pressure.

- Analytical skills to evaluate risks and control processes.

- Ability to build a network in the business and among business managers, stake holders and subject matter experts.

- Strong communication skills both verbal (incl. presentation skills) or written and ability to deal with people at all levels in a global matrix organization.

- Working knowledge of relevant assessment frameworks and/or standards (e.g., ISO/IEC 27001, COBIT5) is a plus.

- Relevant professional certifications are a plus: e.g., CISSP, CISA, ISO27001 Lead Auditor or similar.

- Understanding of risk management principles, experience in risk management and experience in regulatory frameworks for information security is a plus.

How we'll support you:

- Training and development to help you excel in your career.

- Coaching and support from experts in your team

- A culture of continuous learning to aid progression.

- A range of flexible benefits that you can tailor to suit your needs.