Senior Information Security Specialist (f/m/d)
Frankfurt am Main, DE
Deutsche Börse
Your area of work
The Eurex Clearing AG Information Security second line of defense organisation is responsible for the cyber security risk assurance program, cyber resilience, and the steering of IS processes, IS controls and IS compliance activities. As a Senior Information Security Specialist, you will support Eurex Clearing AG's Chief Information Security Officer in a 2nd Line of Defense role. Being part of a team organized as a unit, you will develop and manage information security and risk controls in close collaboration with other Deutsche Börse Group functions and entities. The Senior Information Security Specialist will have further responsibility as Chief Information Security Officer for another regulated EUREX entity.
Your responsibilities
- Support the implementation and maintenance of the information security risk assurance program, including IS control requirements consistent with ISO 27000-series based on the analysis of the threat landscape, applicable policies, standards, and regulations
- Analyse, improve and document information security aspects in relevant business and IT processes
- Conduct risk assessments and support reporting on material risks and further Information Security related topics as part of the quarterly reporting to the executive and supervisory boards
- Control and assess service providers, i.e. monitor services, work products, KPIs, and controls compliance
- Provide required evidence in audits (internal audits, ISAE reports, regulatory or customer questionnaires)
- Conduct ongoing and yearly review tasks regarding Risk Management, Outsourcing and Material Change Management
- Support incident handling and track incidents together with CERT
- Actively and professionally engage with business operations and IT in conversations that drive adequate IS risk decisions
- Ensure employees and third parties understand, acknowledge, and fulfil all applicable information security policy requirements
Your profile
- University degree (master or diploma) in IT or business administration or comparable education; IT knowledge is a must
- Minimum 4 years of experience in IT security, information security risk management, or IT audit in the financial sector, preferably with focus on 2nd LoD activities
- Experience with information security risk management frameworks, esp. ISO 27000
- Analytical skills and experience to understand, structure and prepare/explain complex topics; end-to-end thinking required
- High self-responsibility & ownership; result orientation and (internal) customer focus
- Ability to develop a full and deep understanding of the business / IT operations and related information security risks
- Proficiency in written and spoken German and English