Information Security Analyst, AS

Risk Function:

The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business.

As part of the team, you will join the Banks journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth.

CB Divisional CISO (D-CISO) Office:

The CB Divisional CISO is a part of the larger CB, IB and Ops Tech Risk functioin and has the ultimate responsibility for the operational aspects of ensuring compliance to Deutsche Banks Information Security Principles.The Divisional CISO Office supports the Div. CISO in this task. In this role the candidate will assist all of our business divisions by evaluating and mitigating information security risks in order to meet both audit and regulatory requirements.

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that youll enjoy

Best in class leave policy

Gender neutral parental leaves

100% reimbursement under childcare assistance benefit (gender neutral)

Sponsorship for Industry relevant certifications and education

Employee Assistance Program for you and your family members

Comprehensive Hospitalization Insurance for you and your dependents

Accident and Term life Insurance

Complementary Health screening for 35 yrs. and above

Your key responsibilities

Information Security Officer (ISO)

ISO

Key ISO Responsibilities

comprise but not limited to:

To ensure Information Security risk assessments and compliance evaluations for assigned IT assets are performed

To provide sufficient information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility

To identify and describe application and business process dependencies (upstream and downstream) for integrity and availability evaluations, including changes

To agree assessment results and track remediation, including follow-ups and mitigating actions

To resolve data quality issues pertaining to the application portfolio

To support Identity and Access management functions with regard to application recertification (including selection and onboarding to central recertification platform), user groups and entitlements including their functional conflicts.

To cooperate with the D-ISO / D-CISO to address requests for policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team

Analyze the root cause for delays or incorrect processing and propose sustainable solutions

Generate MIS for multiple IS topics and to assist senior management identify risks

Support the wider D-CISO office where required

Any adhoc analysis and presentations

Identify areas for improvement in processes in terms of both efficiency and quality

Segregation of Duties (SoD)

Key responsibilities of the SoD Manager comprise:

To design and implement SoD Rules (for applications) in close collaboration with the ISO as well as other SoD Managers or stakeholders who may be affected by these rules. This includes the regular review of these rules and any necessary amendments

To assess and remediate any SoD violations detected within their area of responsibility by either revoking inappropriate access or ensuring adequate compensating controls or exception handling procedures

To assess the impact of inappropriate access on business operations and identify if there are indications for improper use of this access

To act as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility

Liaise and coordinate with Central SoD Governance team and attend SoD forums

Your skills and experience

Skills Profile:

Experience as IT and/or IS analyst ideally in a Banking environment

Proficiency in Microsoft Office applications (Excel, PowerPoint, Word, etc.)

Very good communication skills in English (verbal and written) with ability to articulate / engage with Senior stakeholders (a must)

Strong analytical skills and ability to transform complex issues into efficient solutions

General Project Management skills

Desire to work in a fast paced, challenging multi-cultural environment and with ability to work in a global team

Self-motivated, critical thinking and good understanding of major business and risk processes

Experience/qualifications

Good university graduate or post-graduate degree with Information Security, Risk Management and Governance

Experience in banking industry with a strong sense of accountability and integrity

Prior experience in a risk environment (e.g. in BISO, ORM, Audit, Data Privacy)

Good understanding of major business and operational risk processes.

Certifications such as ISO27001-LA/LI, CISM, CISSP etc.is a plus

Experience in banking industry with a strong sense of accountability and integrity

How we'll support you

Training and development to help you excel in your career

Coaching and support from experts in your team

A culture of continuous learning to aid progression

A range of flexible benefits that you can tailor to suit your needs