- The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions.
- Tech Risk and Controls is a dynamic team, consistently in demand for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner.
- As part of the team, you will join the Bank's journey and contribute towards our strategic goal of cloud-enabled solutions as well as activities that improve our operational resilience and risk reduction.
- Specifically, you will bring expertise to the Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains, supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions at a management level to assure the integration of risk initiatives and projects.
- You will also support the Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents.
- This role will report to the GTI Control Assessment Lead.
Your key responsibilities
Risk & Control Management
- Identify and evaluate potential areas of non-compliance or risk, assess impact and probability, and present findings and proposals for risk mitigation measures.
- Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments.
- Work closely with teams in and out of the division to understand risks impacting the group.
- Align internal Deutsche Bank policies/procedures against industry-recognized frameworks to strengthen the control framework and its implementation, both within the Bank and in our 3rd-party vendor relationships.
- Ensure management transparency by way of timely risk reporting and proactive engagement, and by representing the controls team at different governing forums.
Regulatory Adherence and Policy Management
- Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI.
- Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions.
- Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations.
Risk remediation and Change Risk Advisory
- Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization.
- Proactively monitor shifts in the risk landscape within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure, e.g., production design life cycle, application and infrastructure architecture and its resilience.
Stakeholder Management: Identify, Partner and Collaborate
- Work with relevant stakeholders to identify and assess control gaps related to technology risk, and measure and mitigate them in a timely manner.
- Align with the COO Division Control Office (DCO) team and NFRM (2nd LoD), ensuring successful and consistent implementation of the established control framework.
- Promote and support proactive IT risk culture at the Bank.
Your skills and experience
Desired experience
- Minimum 5 years of experience as Risk and Control Lead in the design and implementation of a technology risk framework, or in IT Audit, in a global organization.
- Experience in a regulatory oversight, assurance, or policy management function within technology, or a suitable compliance or audit background within infrastructure (and preferably IT & Information Security).
- Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents.
- Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001
- Other professional qualifications and certifications in Technology risk management
Desired behaviors
- A strong team player comfortable in a cross-cultural and diverse operating environment
- Results-oriented, with the ability to deliver under tight timelines
- Ability to successfully resolve conflicts in a global, matrix-driven organization
- Excellent communication and collaboration skills
- Desire to learn about new and emerging technologies and continuous upskilling
- Must be comfortable with navigating ambiguity to extract meaningful risk insights