Information Security Officer (ISO), AS

The role of an Information Security Officer (ISO) is that of a role holder aligned to a portfolio of applications (Application ISO). The ISO is responsible for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO.

Your key responsibilities

• Assume ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS
• Support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group
• Support the management of IS Risks within the Risk Appetite defined by the ISR
• Execute the IS Risk assessments and compliance evaluations for assigned IT assets
• Ensure the execution of information security risk management requirements in the area of responsibility as defined by the Divisional ISO (e.g., conducting risk assessments, preparing and implementing action plans)
• Ensure implementation of Identity and Access Management (IAM) Processes and perform periodic recertification of User Access Rights
• Provide timely updates to the Divisional ISO regarding information security management tasks
• Ensure accuracy of application entries regarding information security (e.g., Data Protection and Privacy) in the Group's inventory of applications
• Implement Segregation of Duty (SoD) rules for assigned IT assets
• Contribute to the Information Security incident management process in case of a security breach
• Stay informed of the Information Security Principles and liaise with necessary parties like TISO, ITAO, or other subject matter experts
• Appropriately document information security risk management activities, including decisions, risks, and mitigation measures
• Deliver all items requested during regulatory and internal Information Security related audits

Your skills and experience

Essential

• Minimum 8 years of business experience in an operation management/risk management capacity
• Working knowledge of various banking products with strong communication skills
• Knowledge of Information Security Controls, Data Protection Policy, Information classification, and segregation of duties in banking operations
• Good understanding of Regulatory, Compliance, and Risk & Control frameworks
• Sound knowledge of Identity and Access Management processes
• Ability to multitask and manage multiple deliverables/projects of strategic importance
• Effective internal and external client communication
• Team player and facilitator

Desirable

• Solid technical understanding of Corporate Banking (CB) Operations, including strong application security knowledge
• Knowledge of electronic banking products and instruction flow
• Computer proficiency in MS Office; ability to leverage IT to enhance efficiency and value
• Innovative mindset with a drive for process improvements
• Service process enhancement, operational risk minimization, and cost optimization skills
• Strong analytical ability, attention to detail, and solid people management experience
• Strong risk control awareness

Education / Certification

• Graduation degree

• CRISC

  (required)
• Desired:

  CISA / CISM / CISSP