Information Security Senior Specialist
Deutsche Bank
- București
- Permanent
- Full-time
- In collaboration with the subject matter experts of the assigned security pillar and capability, document processes used by the capability, and define the attributes of IS Controls in alignment with the IS Control Lifecycle Design Principles
- Working with the process governance stakeholders, identify and understand security requirements and objectives
- Identify the prerequisites that processes and solutions need to function as designed, in order to develop Information Security Controls tailored to organizational needs and industry standards
- Execute IS Control Lifecycle steps to achieve stakeholder engagement and review of the proposed IS Controls
- Act as a competent partner and challenger to capability stakeholders in the development and evaluation of process and control change requests
- Take an active role in the development, improvement, and implementation of the Bank’s Security Control Framework
- Communicate openly with management and the internal stakeholders; keep them informed of potential findings and escalate problems/delays accordingly
- Proactively develop and keep professional consultative working relationships with the CSO function, clients and respective support areas, and use a range of approaches to collect relevant information, assess key risks, and analyze existing controls to identify vulnerabilities and gaps in the security posture
- Partner with other divisional teams during IS Control Design and Effectiveness Tests
- Define or contribute to the development of key operational procedures where necessary
- Execute day-to-day operational IS control design teamwork and contribute to the delivery of
- Prepare and present reports, metrics, and dashboards to executive leadership and relevant stakeholders
- Coach and mentor junior members of the team and act as delegate for Head of UG Control Design Team Lead
- Stay up to date with the latest security threats, trends, and technologies, and proactively recommend enhancements to security controls.
- 5-10 years of work experience in the Information Security or Information Technology area with a focus on Governance, Risk, and Compliance and/or IS/IT Audit, preferably in the financial or regulated industry
- Prior experience working on one or more of the information security domains such as Identity and Access, Security Monitoring, Cloud and Cyber Risk, Data Leakage Management, End User Protection, Cryptography is highly beneficial.
- Experience in process design, assessment, documentation, or continuous improvement
- Proven experience in development or assessment of Information Security Controls or Information Security Risks
- Ability to translate complex technical concepts into clear and concise recommendations for non-technical stakeholders.
- Experience in global and diverse teams across different time zones and within a matrix environment
- Demonstrated ability to lead projects and initiatives independently
- Excellent communication and interpersonal skills, with the ability to collaborate effectively across all levels of the organization. Fluent in English.
- Professional / industry recognized certifications (e.g. CISM, CGEIT, CGRC, CISA, CCSP, CISSP, OSCP) preferred
- Strong understanding of cyber security standards (e.g., NIST, OWASP, ISO 27001, CSA CCM) and knowledge of the regulatory environment in the financial sector are highly beneficial
- Knowledge of IS threat analysis and frameworks (e.g., MITRE ATT&CK Framework) preferable
- University degree in Computer Science / (Commercial) Information Technology or equivalent qualification