ICT Risk Analyst
Frankfurt, Germany
CMC Markets
Trade with leverage on forex, indices, commodities, cryptos, shares, and more. Choose from over 10,000 instruments on MT4, MT5, TradingView and Next Generation trading platforms.
As an ICT Risk Analyst, you will be supporting the Information Security and ICT Risk Officer of the CMC Markets GmbH (Europe) organisation, part of CMC Markets Group. CMC Markets GmbH has the primary local responsibility for CMC Markets across Europe, and the relationship with BAFIN as the regulatory oversight.
In this role you will be responsible for implementing and maintaining risk management procedures, conducting risk assessments and 2nd line assurance, and ensuring that the Company remains compliant with industry regulations (such as DORA, MaRisk, etc.) and improves its 2nd line of defence capabilities, working closely with various Group functions.
You will contribute to the Group wide security function as necessary, supporting the development of policy, documentation and risk management. You will provide security governance as necessary for the European offices and support the wider Group, where required. The role also involves providing consulting capability and interpretation for developing risk mitigation plans and actions of the 1st Line of defence, therefore communicating with stakeholders and keeping up to date with market trends and regulatory requirements.
ROLE AND RESPONSIBILITIES
Creation, updating and maintenance of security documentation such as IT security concepts, policy, procedures, standards and guidelines.
Participate in ICT risk assessments, control target and actual control delivery comparison, and control maturity assessments, based on the ICT Risk Framework of the CMC Markets GmbH, ensuring risk data quality and integrity.
Monitor and oversee ICT risks for the CMC Markets GmbH, ensuring that management actions are identified and documented in line with relevant regulations, and that the ICT risks are addressed sufficiently by formulating risk treatment plans that align with the set risk appetite.
Support the IS and ICT Risk office and other business units of CMC Markets GmbH in identifying material risks in ICT projects and ensure that these risks are considered throughout the phases of the project.
Support internal and external audit activities, by providing subject matter coverage for 2nd line defence related activities, within the scope of the ICT risk framework.
As a dedicated Business Continuity Plan coordinator, ensure that the business impact analysis and business continuity planning related activities are conducted as required by all business units of CMC Markets GmbH and that these are documented and tracked as per the ICT Risk framework, including the regular testing of the business continuity plans.
Support the third-party supplier management framework with regard to critical/important suppliers, risk classification and security due diligence.
Support ongoing development and maintenance of Group Wide ISMS.
Remain up to date with relevant security requirements arising from European laws and regulations (like MaRisk, DORA, BAIT, EBA guidelines, BSI guidelines, NIS2).
Team Working – must be willing to collaborate well with local and group representatives.
Maintain awareness of requirements and controls of related industry accepted standards such as ISO 27000, ISO 23001.
KEY SKILLS AND EXPERIENCE
University degree or comparable qualification with a focus on Business, Technology, Information Security or similar.
Holding relevant SME qualifications, like CISA, CRISC, CISM or similar.
Experience writing documentation including policy, procedures, standards, guidelines.
Experience documenting business impact and protection needs analysis
Experience completing risk assessments or auditing activities or 3rd party assurance activities
Knowledge of security requirements and controls relating to regulatory, compliance and standards necessary for Financial institutions in Europe (e.g. BAFIN, ECB or similar regulatory oversight)
Strong analytical understanding and attention to detail, the ability to act independently with steering on priorities and according to deadlines, and strong communication skills.
You must be flexible and pragmatic in your approach.
Working proficiency in German and in English, verbal and written communication skills.
CMC Markets is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of gender, sexual orientation, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
Tags: Audits CISA CISM Compliance CRISC Governance ISMS ISO 27000 NIS2 Risk assessment Risk management
Perks/benefits: Flex hours