Recruitment Manager at Deutsche Bank
Deutsche Bank - AVP - Technology Risk Analyst - Divisional Control Regulatory Office (9-14 yrs)
Position(s) Reports to: Director
Profession: Divisional Control/Oversight
Position: Divisional Control and Regulatory Office
Functional Title: COO, DCRO - Technology Risk Analyst
Corporate Title: AVP
Position Description :
- Technology Risk Assessments is a function within the COO Divisional Control Office (DCO) providing services to multiple businesses in the group to deliver the bank's DCO agenda. The DCO units provide a consolidated view of (non-financial) risks and central coordination as well as effective, efficient and consistent standards and policies across business lines within a specific region.
- This role is integral in supporting the front line management in identifying, assessing/measuring risks, identifying remediation actions and monitoring risks, by performing comprehensive risk assessments of technology functions according to established process and control standards.
- The role could involve participating in a variety of types of risk assessments including Deep Dives on technical subjects, Read-Across for identification of themes in other bank divisions, Review of emerging technologies, mandatory compliance assessments such as SoX, SWIFT CSP, Group ORM Risk assessments such as the RCA process or project risk assessments for the bank's major initiatives as determined through the JET committee and COO strategy.
- Technology Risk Assessors will work within the Risk Assessments team and closely interact with the different Risk Officers, Regional leads, 2LoD such as ORM & IRRM and the group's front line technology groups. This will include CIOs, development & infrastructure leads, programme managers, architects and production support areas
Position Specific Responsibilities and Accountabilities :
- Performs technology risk assessments across COO Technology areas and processes, evaluating relevant inherent risks, validating controls, assessing the effectiveness of control design and operation and determining residual risk.
- Performs risk assessments across many disciplines from an infrastructure, application and security perspective. This includes technology delivery, operations, security and availability controls of IT infrastructure including servers (UNIX, Windows and Wintel); Databases and Storage Arrays, Middleware, Data Centres, Network devices, Firewalls, Antivirus, Intrusion Detection Services (IDS) and Intrusion Prevention Services (IPS). Assessments also include review of controls and risks impacting the application development lifecycle (SDLC) and application operation.
- Works with COO Technology management to agree assessment findings and mitigating actions, and evaluate outcomes in terms of systemic issues requiring strategic remediation.
- Influences the integration of Group Risk & Control Technology related initiatives and processes into the regional specific framework
- Ensures appropriate senior management awareness/oversight of follow-up on action items to resolve identified Technology issues, e.g. OR self-assessment, independent (project) risk review, audit issue resolution
- Verifies remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality
- Designs, executes and supports Regulatory & Mandatory annual compliance assessments, i.e. MAS Technology Risk Management guidelines, SOx, SWIFT CSP etc.
Experience/ Exposure :
- Excellent team member able to work proactively in a fast-paced and global environment. Open minded, able to share information, transfer knowledge and expertise to team members. Self-confident, takes initiative and is able to manage conflicts.
- A strong technical background with wide knowledge of technology and application operation to investigate and assess impact of risks.
- Experience of Risk Assessments / Technology and Operations Audits / IT Operations focused Control functions is beneficial but not essential, however an appreciation of risk subject matter is required.
- Experience of technology design, implementation and delivery obtained in financial services
- Experience of Emerging Technologies - Robotics, Predictive Analytics, Block Chain, Mobile, Public Cloud, etc.
- Experience of IT Management, Project/ Programme Management or IT Audit/ Governance to be able to deliver assessments to agreed timelines with high stakeholder engagement.
- Understand Investment and Retail Banking functions with broad-based experience in technology and operations like Payments and Swift
- Excellent analytical and investigatory skills to identify underlying technology issues and demonstrate viable solutions and problem solving
- Keeps pace with technical / operational innovation & self starter to ensure good knowledge of COO Technology risk remediation projects.
- Excellent communication skills, fluent in English and local language (written/verbal) as appropriate. Ability to interface in a multicultural environment and on all hierarchy levels.
- Sound understanding of internal and external control, compliance and risk frameworks such as COBIT, ISO standards, ITIL, etc.
- Able to liaise with senior management and regulators on reporting of project milestones, key deliverables and credibility to obtain key stakeholder sign offs and impact of identified risks.
- Added advantage if there is experience of presenting and providing information to regulators on technology risks.
- Bachelor Degree from an accredited college or university (or equivalent) &/or relevant practical experience
Certification in at least one of the following:
- CRISC (Certified in Risk and Information System Control)
- CISSP (Certified Information Systems Security Professional) or equivalent
- CISA (Certified Information Systems Auditor) or equivalent
- COBIT, ITIL, ISO27000, 6-Sigma Green Belt Certification