Risk - Information Security Expert Assessor - Vice President
- Permanent, Full time
- Deutsche Bank APAC
- 27 Sep 16
The Risk division has a fundamental responsibility to protect the Bank. With group-wide responsibility for the management and control of credit, market, operational and reputational risks, we have a unique vantage point which allows us a holistic view of our businesses and our clients. Nearly 4,000 employees work together to achieve our ambition to be an industry-leading risk management organisation.
In an increasingly complex environment, risk management is fast becoming the most sought-after place to build a career within the banking world. Risk at Deutsche Bank is relied upon to help shape the strategy of the organisation and the wider industry agenda.
The Information Security Expert Assessor is a member of a Control Function for Information Security-related risk types within the Operational Risk Management Framework.
At a global level, the incumbent supports the Global Head of ISR Assessments & Examinations in defining and implementing governance instruments for the assessment of Information Security risks in accordance with specific legal requirements and internally defined governance rules.
In Singapore, the Information Security Expert Assessor evaluates the design and effectiveness of Information Security-related internal controls implemented within local functions of the 1st Line of Defence and provides appropriate consulting as well as reporting services.
- Supports the Global Head of ISR Assessments & Examinations in specifying procedures at the operational level, in particular for:
  - Scope and Legal Requirements of Assessments
  - Risk Assessment
  - Assessment coordination and tracking
  - Finding management and follow up
  - Control Execution
  - Managing interfaces to various Data sources and triggers
  - Knowledge Management
  - Risk Reporting
- Supports the Global Head of ISR Assessments & Examinations in specifying possible types of assessment of the internal control system of an area of interest, in particular:
  - Spot Checks
  - Deep Dives
  - Thematic Assessments
  - Closure Verification
  - Control Effectiveness Testing
  - Ad Hoc Requests
- Contributes to the risk assessment of scoped processes, systems and programs done by Global Head of ISR Assessments & Examinations.
- Supports the Global Head of ISR Assessments & Examinations in defining the annual assessment book of work.
- Assesses the design of the internal control system of functions in the 1st Line of Defence regarding Information Security.
- Assesses the effectiveness of Information Security-related internal controls implemented within functions in the 1st Line of Defence.
- Applies, as a minimum standard, the bank's Information Security Control Objectives and Controls policy within these assessments.
- Documents, rates and communicates gaps in 1st line processes, tools and controls against control standards in line with ISR standards.
- Provides functions in the 1st Line of Defence with Information Security feedback in regard to confidentiality, integrity and availability of their business processes and information systems.
- Contributes to the function's knowledge management by following incidents published by industry Information Security forums (e.g. CERT, FIRST), applying new incident scenarios to assessments of the bank's IT infrastructure and proactively spreading gathered information to functions in the 1st Line of Defence.
- Supports the Global Head of ISR Assessments & Examinations and the Information Security Assessment Coordinator in specifying and generating risk reports as 2nd Line of Defence in compliance with legal requirements and internally defined governance rules.
- Ensures risk reporting of the 1st Line of Defence in terms of information security.
- Excellent knowledge of one or more of the following (Information Security) processes:
  - Risk Management
  - Regulatory Requirements (at least Germany and Singapore)
  - Access Control
  - Cryptographic Controls
  - Physical and Environmental Security
  - Operations Security
  - Communications Security
  - Systems Acquisitions, Development and Maintenance
  - Information Security Incident and Problem Management
  - Information Security Governance for business and technology
- Profound experience in business and IT processes and respective Information Security requirements (minimum of 7 years).
- Extensive experience with financial markets and institutions (minimum of 7 years).
- Excellent analytical skills and flexibility in problem solving.
- Excellent communication skills, fluent in English and local language (written/verbal) as appropriate.
- Excellent coach, able to inspire and mentor employees, transferring his/her Information Security knowledge adapted to the specific need.
- Bachelor's degree from an accredited college or university (or equivalent) and/or relevant practical experience.
- In addition, the following education/certification attainment will be beneficial:
  - CISSP (Certified Information Systems Security Professional) or equivalent
  - CRISC (Certified in Risk and Information Systems Control)
  - CISA (Certified Information Systems Auditor)
  - ISSMP (Information Systems Security Management Professional)
  - ISSEP (Information Systems Security Engineering Professional)
  - ISSAP (Information Systems Security Architecture Professional)
  - CGEIT (Certified in the Governance of Enterprise IT) or equivalent
  - CISM (Certified Information Security Manager) or equivalent
  - CEH (Certified Ethical Hacker)
Deutsche Bank offers a challenging and rewarding career where your contribution is valued and rewarded. We have an inclusive and friendly working environment coupled with excellent facilities and benefits.
Deutsche Bank is an equal opportunity employer who seeks to recruit and appoint the best available person for a job regardless of marital status, sex (including pregnancy), age, religion, belief, race, nationality and ethnic or national origin, colour, sexual orientation or disability.