The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.
Field of activity
Reporting to the Head of Section of Information Security Governance and Risk you will lead unit responsible for Legal Entity (LE) governance, reporting and contract arrangement.
The focus of this role is to establish a risk-based view of the security posture on Group level and for selected Legal Entities, which includes Deutsche Börse AG. The is will view will be the foundation of the Group Security reporting. Additionally, the unit will be responsible to the contracts with subsidiaries and associated KPIs. The combination of service levels on one side and reporting of the security posture will be the main driver to drive the security posture cross the Deutsche Börse Group.
As a line manager, people management must be an integral part of your agenda. You are expected to actively work on your teams’ and team member’s personal development by proposing development measures and creating visibility for talent. As part of the Group Security Leadership team, you will be tasked to make an effective contribution towards increasing the team’s diversity.
Tasks/responsibilities
* You lead a team of subject matter experts on Information Security
* You manage the creation of a standardized view on the security posture of Deutsche Börse Group, Deutsche Börse AG and subsidiaries. This view will become the main tool to steer and influence the security posture jointly with the senior management of Groups Security and the CIO/COO function.
* You manage to create a standard reporting pulling relevant data points on the gaps and security information with the use of data analytics and a common reporting engine
* You manage the Services between DBAG and subsidiaries
* You maintain a good working relationship to the Group within Group Security to synchronize the view on the security posture
* You establish the main interface to the business to make the status of the Information Security posture transparent and run regular session pulling required expertise into these sessions as per your regression.
* You are responsible for staffing, performance assessment, career path planning, training, and coaching/mentoring for all team members
Qualifications/required skills
* University degree in Computer Science, Information Systems, or a related field
* 5+ years of work in Information Security with management/project experience
* Excellent people management skills, experience of managing international teams
* In-depth knowledge of relevant legal and regulatory frameworks in the financial industry (e.g., MaRisk, BAIT, German BSI IT-Grundschutz, CSSF circulars) and industry standards (e.g., ISO/IEC 2700x, NIST, COBIT)
* Ability to translate regulatory requirements into operational plans and actions
* Solid knowledge and understanding of Cyber Security technologies, processes, and methodologies (e.g., SIEM, SOAR, IDS/IPS, threat analysis, incident response, forensics analysis, Kill Chain, MITRE ATT&CK)
* Strong technical background and practical knowledge in relevant IT Security solutions
* Excellent analytical skills, creativity, critical thinking, ability to identify problems and propose solutions
* Excellent presentation and interpersonal skills
* Ability to work under high pressure
* Proficiency in written and spoken English and German