The Group Security department directly contributes to the execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements, and it follows the international standard ISO/IEC 27000-series on the Information Security Management System.
Field of activity
In your new position, you will become a member of the Group Security Strategy & Architecture team. The Strategy & Architecture team is mainly responsible for keeping Information Security in step with threats and regulations, driving innovation, ensuring audit discipline and supporting comprehensive reporting.
In the advertised position you will focus on, but not be limited to, the regulatory adherence of Information Security. You will support various Information Security related projects, ensuring that Information Security follows the regulatory requirements and industry best practices. Your strong interpersonal skills, with the ability to communicate clearly and effectively with business and technology stakeholders at all levels, will be the driving force behind your work.
Tasks/responsibilities
* You advise management and projects on regulatory and best practice matters.
* You identify improvement possibilities to raise the compliance level.
* You make yourself familiar with existing and upcoming regulations and best practices.
* You support audits and the implementation of regulatory-compliant corrections.
* You analyse the impact of changes and drive the solution/adjustment process.
* You establish a trusted relationship with our business partners and central functions.
Qualifications/required skills
* University degree in Computer Science, Information Technology, Cyber Security, Business Informatics, Law or a related field
* 3+ years of work in Information Security or Compliance or (Internal) Audit or Legal
* In-depth knowledge of relevant legal and regulatory frameworks in the financial industry (e.g., MaRisk, BAIT, German BSI IT-Grundschutz, CSSF circulars) and industry standards (e.g. ISO 2700x, NIST, COBIT)
* Ability to translate regulatory requirements into operational plans and actions
* Technical background and practical knowledge in relevant IT Security solutions is an advantage
* Excellent analytical skills, creativity, critical thinking, ability to identify problems and propose solutions
* Excellent presentation and interpersonal skills
* Ability to work under high pressure
* Proficiency in written and spoken English and German