Information Security Framework Specialist - AVP (f/m/x)

DB Global Technology is Deutsche Bank’s technology center in Central and Eastern Europe. Since its set-up in 2013, Bucharest Technology Centre (BEX) has constantly proven its capacity to deliver global technology products and services, playing a dynamic role in the Bank’s technology transformation.

We have a robust, hands-on engineering culture dedicated to continuous learning, knowledge-sharing, technical skill development and networking. We are an essential part of the Bank’s technology platform and develop applications for many important business areas.

Technology plays a critical role in Deutsche Bank's transformation. To ensure the deployment of technology and digital solutions in a substantially more comprehensive manner across the bank, Technology, Data and Innovation (TDI) has been established as one technology division for the bank, driving an integrated IT, data, and security agenda across the bank.

Chief Security Office (CSO) is one of TDI’s sub-divisions and it is responsible for the creation, maintenance, and implementation of the information security strategy of Deutsche Bank Group. CSO steers the measures derived from the information security strategy and supplies guidance to employees about the identification, development, implementation, and execution of all processes which serve to reduce information security risk, to respond to incidents, and to set up proper policies and standards for information security management.
 

IS Governance & Control Frameworks, as governs the Security Control Framework that ensures the control estate for CSO are fit for purpose, maintained according to defined control lifecycle, fulfill control design standard. As part of this governance, assess the processes and solutions within an assigned security pillar and capability to evaluate how the Security Control Objectives are implemented and ensure governance on Control Objectives to achieve compliance and align with regulatory and organizational requirements of the Bank.

The Information Security   Framework Specialist (AVP) is responsible for managing specific aspects of Information Security Control Framework and associated governance tasks at the Deutsche Bank Group level.  They monitor and contribute to the implementation of the Information Security Strategy together with line management.

Responsibilities

• Take ownership of the control estate governance and work on one or several Cyber Security domain e.g. Cryptography, Data Security, Identity and Access Management, Network Security, Security Monitoring, Endpoint Security, Cyber Risk in collaboration with the designated subject matter experts, in order to define the most effective and efficient Control estate.

• Conduct and participate to assessments of information security controls, frameworks, processes, gap analysis against industry’s best practices, standards and regulations.
• Contribute to the continuous development and maintenance of the team’s knowledge base and standard content offering to support an efficient and consistent response process and other projects maturing and evolving our service offering and processes.
• Work with representatives of governance and control stakeholders to ensure controls are fit-for-purpose, agreed upon and ratified; actively taking part in control / framework design, development, maintenance and governance
• Act as an advisor to stakeholders on execution of Control framework and its lifecycle e.g policy and control maintenance, as well as contribute to the continuous improvement including both control estate and team process and methodologies.

Skills

• Significant and multi-year work experience in the Information Technology / Information Security area or in IT Audit, Information Security Governance, Risk and Control related topics and/or frameworks, preferably in the financial industry; ideally combined with experience in project management.
• Ability to watch, track and clearly communicate progress, escalate issues when appropriate. Strong analytical and problem-solving skills.
• Professional appearance and strong verbal and written communication and presentation skills (technical and non-technical), with the ability to communicate on all hierarchy levels. Cross-functional collaboration, stakeholder engagement, influencing skills and familiarity with continuous improvement process. Positive attitude and proactive behavior. Fluent in English is required.
• Highly appreciated will be professional / industry recognized certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Governance of Enterprise IT (CGEIT), ITIL, COBIT, Certified in Risk and Information Systems Control (CRISC)), or similar.
•  Familiarity  with IS threat analysis and frameworks (e.g., MITRE ATT&CK Framework) as well as cyber security standards (e.g., NIST, OWASP, ISO27001) and knowledge of the regulatory environment in the financial sector (e.g., KAIT, BAIT, ESMA cloud guidelines).

Well-being & Benefits

Emotionally and mentally balanced: we support you in dealing with life crises, maintaining stability through illness, and maintaining good mental health

• Empowering managers who value your ideas and decisions. Show your positive attitude, determination, and open-mindedness.
• A professional, passionate, and fun workplace with flexible Work from Home options.
• A modern office with fun and relaxing areas to boost creativity.
• Continuous learning culture with coaching and support from team experts.

Physically thriving we support you managing your physical health by taking appropriate preventive measures and providing a workplace that helps you thrive

• Private healthcare and life insurance with premium benefits for you and discounts for your loved ones.

Socially connected: we strongly believe in collaboration, inclusion and feeling connected to open up new perspectives and strengthen our self-confidence and wellbeing.

• Kids@TheOffice - support for unexpected events requiring you to care for your kids during work hours.
• Enjoy retailer discounts, cultural and CSR activities, employee sport clubs, workshops, and more.

Financially secure: : we support you to meet personal financial goals during your active career and for the future

• Competitive income, performance-based promotions, and a sense of purpose.
• 24 days holiday, loyalty days, and bank holidays (including weekdays for weekend bank holidays).

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.