Job
Description
:
Job TitleApplication Security Specialist
Corporate TitleAssistant Vice President
LocationPune/Bangalore India
Role Description
DWS is evolving and expanding its internal information security team. In the CSO Information Security Assurance division, your role will involve assessing the implementation of controls to ensure adherence to Information Security Policies and Procedures. This verification process utilizes the most advanced compliance data sources (i.e., compliance evaluation based on operational data, self-assessment, and independent reviews) to determine whether the necessary information security controls have been established in DWSs applications, infrastructure, and IT processes, including EUDA/EUMA. In this context, it evaluates associated risks and identifies vulnerabilities related to unimplemented controls. The service also offers guidance on training and the application of security controls.What well offer you
100% reimbursement under childcare assistance benefit (gender neutral)Sponsorship for Industry relevant certifications and educationAccident and Term life Insurance
Your key responsibilities
Your main responsibility will be to adhere to the Information Security roadmap for the applications (ensuring information security compliance) based on IS principles (confidentiality, integrity, and availability), and to verify their alignment with DWS/DB policies.Assist application team with the applications that are scheduled for migration/re-migration projects ensuring that its IS Criticality ratings are updated according to the DWS/DB IS criticality methodology.Take part in CSO assurance meetings associated with secure architecture design, new product approvals or other risk review discussions to prevent any delays or escalations arising from non-compliance.Assist the DWS CSO in executing the hybrid model as outlined for decisions related to the Aurora Operating Model, ensuring proper alignment with DB CSO ORR controls.Perform security assurance tasks on DWS CSO solutions, business applications, and IT infrastructure located within the Proteus environment.Conduct a security assessment when retiring business applications or IT applications in the Proteus environment.Aid in resolving regulatory findings and guarantee that there are no outstanding audit issues.Act as a liaison among key role holders such as ITAOs and TISOs to create a secure environment by assessing the Information Security needs.Provide support for the governance of EUDA within a DWS Unit.Contribute to the creation, testing, and management of IS Security Compliance campaigns in accordance with business needs (including documentation and training).Oversee Assurance processes and evidence evaluations throughout DWSs application portfolio to aid in reducing risks linked to non-compliant controls for all DWS entities.Assist in ensuring consistency with all other Control Functions for Operational Readiness.Security compliance reporting is a crucial aspect of the security assurance team. Therefore, you are required to work on the promptness of reporting, the precision of the content, and the comprehensiveness of risk and controls. Ensure automation in reporting and delivering value.
Your skills and experience
Clear understanding of information security risk and compliance framework.Experience in application security assessment activities.Minimum 8-14 years experience in Information security management area.Understanding on how application security policies, standards, requirements and controlsare defined.Strong Microsoft office (excel macro), automation and analytics experience.Experience in working with information security governance solutions.Experience in CISO Application Security Governance process designProven experience with Information Security Standards implementation (e.g. ISO27001, )Proven experience in implementing Risk management standardsAny globally recognized information security certification (highly preferred)Graduation and above (preferably IT, Computer science)Understanding of current industry and agency standards, best practices, and/or frameworks i.e.MITRE ATT&CK, NIST, DORA, ENISA, ISO27001, SOC2, SoX, PCI, etc.Dedicated to undertaking any assigned tasks or projects related to CSO.Ability to explain, document and present Information Security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dotsDetailed oriented, collaborative and team oriented, ability to manage conflicts with Senior stakeholdersMust work independently and can collaborate comfortably in a matrix organization with international teams.Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal and/or executive management and other groups involved in Physical Security/technology control assessments.Structured and reliable work style
How well support you
About us and our teams
Please visit our company website for further information:https://www.db.com/company/company.htm
