Risk - Vendor Information Security Risk Management Specialist - AVP

  • Competitive
  • Singapore
  • Permanent, Full time
  • Deutsche Bank APAC
  • 24 Sep 16

Risk - Vendor Information Security Risk Management Specialist - AVP


Deutsche Bank applies a three Lines of Defense (LoD) model to manage its financial and non-financial risks. Within this approach, the second LoDs define and maintain an effective risk management framework for their risk types with minimum control standards and a related governance structure.

The Information Security Risk (ISR) function is part of Information & Resilience Risk Management (IRRM) and serves as a second LoD for Information Security (IS) risks. ISR is responsible for the definition and development of a consistent second LoD Risk Framework in adherence to the three LoD principles. This includes the definition of a Risk Taxonomy as well as defining a risk appetite for IS risk in line with the Group's risk appetite as per Management Board approval. Also, minimum control standards are set for the first LoD and their adherence is monitored by implementing monitoring controls in the second LoD. With the ongoing risk monitoring and intelligence, ISR ensures to create an effective defense model against emerging risk, as well as management and control of known risks. In regular Risk and Control Assessments, ISR ensures an effective challenge to the first LoD to ensure completeness and correctness of the bank's risk profile. ISR is a global function with a footprint in Germany, UK, USA, and Singapore.

Position Overview


  • Support and coordinate Vendor Information Security Review processes
  • Review of security posture of external vendors and vendor services
  • Identification of security risks and gaps
  • Risk evaluation and business impact analysis of the identified gaps
  • Formulating remediation recommendations based on bank's standards and industry best practice
  • Comprehensive documentation of the identified gaps and related risk from the technical as well as from the business perspective
  • Review of vendor policies related to Information Security, comparison and gap analysis to the DB security requirements
  • Review of implementation of DB security requirements by the vendor
  • Extensive communication with the project managers responsible for the outsourcing and service relationship owners as well as vendor security experts
  • Actively work with vendors and project managers on IS related findings to resolve issues as quickly as possible to help build and strengthen the relationship
  • Follow-up with the contract persons to receive status of remediation efforts and provide management with updates, risks, and issues
  • Track vendors and services that consistently miss deadlines and escalate when further action is needed
  • Negotiation with the vendor's security and legal team on the contractual security obligations

Knowledge and Experience:
  • Extensive knowledge and experience in IT Security and Information Security (both technical and organizational controls)
  • Experience with ISO27001 standard is critical
  • Relevant professional certifications: CISSP, CISA, ISO27001 Lead Auditor or similar
  • Experience with Shared Assessment Program or similar methodologies is a plus
  • Solid understanding of Risk Management principles
  • Understanding of banking industry and services to be able to evaluate impact of security risks is beneficial
  • Ability to communicate and operate in a complex global organization and promote the adherence to corporate policy goals while building working relationships with senior management and vendor staff

  • Ability to explain, document and present information security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dots
  • Communication and interview skills,
  • Critical thinking
  • Senior management presentation and reporting skills,
  • Structured and reliable work style
  • Robust and strong analytical skills to thoroughly analyze vendor services in appropriate timeframe without missing key issues
  • Ability to think strategically, and able to work under pressure and proactively manage timelines and priorities
  • Detailed oriented, collaborative and team oriented, ability to manage conflicts
  • Attention to details
  • Self-confident with strong interpersonal and negotiation skills

Deutsche Bank offers a challenging and rewarding career where your contribution is valued and rewarded. We have an inclusive and friendly working environment coupled with excellent facilities and benefits.

Deutsche Bank is an equal opportunity employer who seeks to recruit and appoint the best available person for a job regardless of marital status, sex (including pregnancy), age, religion, belief, race, nationality and ethnic or national origin, colour, sexual orientation or disability.