Third-Party Security Risk Management (f/m/d)
Your area of work:
The Group Security department directly contributes to the execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing information security controls based on the relevant regulatory requirements, and it follows the international ISO/IEC 27000 series of standards on the Information Security Management System.
In your new position, you will become a member of the Supplier Security team, part of Group Security in Frankfurt am Main. The Supplier Security team is responsible for the enforcement of the Information Security Framework in close collaboration with CISO and other central functions like Group Risk, Compliance Management, Outsourcing and Data Privacy.
In the advertised position you will focus on Supplier Risk Management, our core competence, advising our business partners and management on Supplier Security Risk Management matters. In addition, you will support various Information Security related projects, ensuring robust, state-of-the-art solutions that follow regulatory requirements and industry best practices. Your strong interpersonal skills, with the ability to communicate clearly and effectively with business and technology stakeholders at all levels, will be the driving force behind your work.
- You conduct and support Supplier Security Risk Assessments, assuring proper risk identification in accordance with the Information Security Framework, and tracking/reporting on remediations
- You contribute to implementing the Information Security Framework, e.g., operationalization of the Supplier Security Risk Management process automation and tooling
- You participate in Information Security Audits, incl. preparing for audits, resolving audit findings and ensuring closure
- You establish trusted relationships with our business stakeholders and control functions, e.g., Compliance Officers, Risk Officers, Chief Information Security Officers and Internal/External Audit
- You maintain up-to-date knowledge of the Information Security industry, including awareness of innovative information security solutions/processes and emerging standards
- Bachelor or Master degree, or similar, in a field related to information security, IT, or Business Informatics
- Up to three years of experience and proven track record in an information security management role in a financial institution (advising, consulting, creating, auditing, or implementing Information Security Management Systems and frameworks)
- Knowledge of relevant regulation, e.g., MaRisk, BAIT, EBA, and very good understanding of industry frameworks and standards, e.g., ISO 2700x, NIST, ITIL, COBIT
- Strong technical background and practical knowledge in IT Security solutions such as Cloud
- Strong analytical skills, creativity, critical thinking, precision in communicating and documenting, ability to identify problems and propose solutions, reliability
- Excellent presentation and interpersonal skills
- High proficiency in German and English