Information Security Risk Analyst (db)

Job Description

DB Global Technology is Deutsche Bank’s technology centre in Central and Eastern Europe. Since its set-up in 2013, Bucharest Technology Centre (BEX) has constantly proven its capacity to deliver global technology products and services, playing a dynamic role in the Bank’s technology transformation.

We have a robust, hands-on engineering culture dedicated to continuous learning, knowledge-sharing, technical skill development and networking. We are an essential part of the Bank’s technology platform and develop applications for many important business areas.

We are looking for a knowledgeable Information Security Analyst to operating as a member of the Chief Security Office (CSO) Third Party Security team (TPS). As an Information Security Risk Analyst, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s Third Party Risk Management (TPRM) program under Third Party Management (TPM).

Responsibilities

Conducting Information Security Third Party risk assessments as part of the overall Third-Party Risk Management process (incl. onsite visits/reviews at our Third Parties)

· Review Third Party policies and evidences related to Information Security, review Third Party security gap analysis against the Deutsche Bank security requirements

· Conduct risk review and business impact analysis of the identified gaps, and provide comprehensive documentation of the identified gaps

· Track Third Party and services, escalate issues when necessary

· Support and coordinate Third Party Information Security Review processes, track Third Partys and services, escalate issues when necessary, negotiate with Third Party, business units, and legal team on the contractual security obligations

· Ability to provide constant communication with involved stakeholders (within in the Bank and outside the Bank)

· Supporting the team to improve the overall security control framework (e.g. new controls, enhancement of existing controls)

· Ability to document and present information security risks in a clear, concise, and understandable manner at various management levels in the bank and/or to the Third Party.

Skills:

· Overall experience in IT Security and Information Security (both technical and organizational controls)

· Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles

· General understanding of banking/financial industry and services and the ability to evaluate impact of security risks on banking/financial institutions

· Experience with ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, PCI, and MITRE ATT&CK

· Experience with Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and CSS Consensus Assessment Initiative Questionnaire (CAIQ)

· Understanding of financial regulations or guidance’s which impact information security (e.g.: EU Cybersecurity Act, MAS & HKMA TRM, EBA Guidelines, DORA, GDPR, NYDFS, SoX, etc)

· Understanding of Governance Risk and Control (GRC) tools, services, frameworks, and best practices

· Highly proficient in MS Office Suite - Microsoft Word, Excel, PowerPoint, etc. for reporting purposes

· Experience with (or Knowledge of) Shared Assessment Programs(e.g.: SIG, FSQS, etc) (a plus)

· Experience with (or Knowledge of) in Data Reporting including definition of metrics and data sources (a plus)

Well-being & Benefits

Emotionally and mentally balanced: we support you in dealing with life crises, maintaining stability through illness, and maintaining good mental health

• Empowering managers who value your ideas and decisions. Show your positive attitude, determination, and open-mindedness.
• A professional, passionate, and fun workplace with flexible Work from Home options.
• A modern office with fun and relaxing areas to boost creativity.
• Continuous learning culture with coaching and support from team experts.

Physically thriving we support you managing your physical health by taking appropriate preventive measures and providing a workplace that helps you thrive

• Private healthcare and life insurance with premium benefits for you and discounts for your loved ones.

Socially connected: we strongly believe in collaboration, inclusion and feeling connected to open up new perspectives and strengthen our self-confidence and wellbeing.

• Kids@TheOffice - support for unexpected events requiring you to care for your kids during work hours.
• Enjoy retailer discounts, cultural and CSR activities, employee sport clubs, workshops, and more.

Financially secure: we support you to meet personal financial goals during your active career and for the future

• Competitive income, performance-based promotions, and a sense of purpose.
• 24 days holiday, loyalty days, and bank holidays (including weekdays for weekend bank holidays).

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.