Location: Frankfurt am Main, DE
The Group Security department directly contributes to the execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing information security controls based on the relevant regulatory requirements, and it follows the international standard ISO/IEC 27000-series on the Information Security Management System.
Field of activity
In your new position, you will become a member of the Information Security Governance & Risk team, part of Group Security in Frankfurt am Main. The Information Security Governance & Risk team is responsible for the enforcement of the Information Security Framework in collaboration with the CISO and other central functions like Group Risk, Compliance Management, Outsourcing and Data Privacy, and is also responsible for the management reporting and the awareness campaigns at the Deutsche Börse Group.
In the advertised position you will focus on Information Risk Management, our core competence, consulting our business partners and management on Information Security Risk Management matters. Besides that, you will support various Information Security related projects, ensuring robustness and state-of-the-art solutions following the regulatory requirements and best industry practices. Your strong interpersonal skills, with the ability to communicate clearly and effectively with business and technology stakeholders at all levels, will be the driving force behind your work.
- You consult the departments and management on Information Risk Management matters.
- You conduct Information Security Risk Assessments, assuring proper risk identification in accordance with the Information Security Framework, and tracking/reporting on remediations.
- You contribute to implementing the Information Security Framework, e.g. operationalization of the Information Security Risk Management, process automation and tooling.
- You participate in Information Security Audits, incl. preparing for audits, resolving audit findings and ensuring closure.
- You establish trusted relationships with our business stakeholders, e.g. Compliance Officers, Risk Officers, Chief/Business Information Security Officers and Internal/External Audit.
- You report, escalate and provide solutions for Cyber Security issues.
- You maintain up-to-date knowledge of the Information Security industry, including awareness of innovative information security solutions/processes, emerging standards and new threat vectors.
- Bachelor's and/or Master's degree in Information Technology, Cybersecurity, Business Informatics or comparable education
- 3+ years of experience in Cybersecurity
- Knowledge of general legal and regulatory frameworks in the financial industry, for example MaRisk, BAIT, German BSI IT-Grundschutz and industry standards like ISO/IEC 2700x or NIST
- Certifications like ISO/IEC 27001 Lead Implementer/Auditor, CRISC, CISA or similar are an advantage
- Strong analytical skills, critical thinking, ability to identify problems and propose solutions
- Excellent presentation and interpersonal skills
- Proficiency in written and spoken English; German is an asset