Technology Risk Manager - AVP

Job Description:

Job Title: Technology Risk Manager,

Corporate Title- AVP

Location: Bangalore, India

Role Description

Deutsche Bank’s Corporate Bank division is a leading provider of cash management, trade finance and securities finance. We complete green-field projects that deliver the best Corporate Bank products in the world. Our team is diverse, international, and driven by shared focus on clean code and valued delivery.  At every level, agile minds are rewarded with competitive pay, support, and opportunities to excel. 

You will work as part of a cross-functional agile delivery team. You will bring an innovative approach to software development, focusing on using the latest technologies and practices, as part of a relentless focus on business value. You will be someone who sees engineering as team activity, with a predisposition to open code, open discussion and creating a supportive, collaborative environment. You will be ready to contribute to all stages of software delivery, from initial analysis right through to production support.

You will be joining the Corporate Bank (CB) Technology Risk and Control team as a senior technology risk manager (also known as “embedded risk team lead”).  The Risk and Control team ensures that the Bank's control priorities are effectively implemented across CB Technology.  The team's mission is to reduce the organization's technology risk exposure by monitoring and reporting on implementation of key controls, ensuring appropriate and timely resolution of risk issues, and participating in, and testing of, the design of controls. We are looking for an Information Security specialist to join our Embedded risk team and will be responsible for Information Security related Audit Management, Regulatory Engagement, Control Uplift remediations and overall ensuring security controls are implemented effectively and sustainably.  You will be responsible for supporting one or more CIO-1 portfolios in managing audit/regulatory/self-identified findings, participating in regulatory and audit exams, monitoring stakeholders’ compliance with key risk indicators, and ensuring controls are implemented effectively and sustainably. Your role will be integral in supporting the front-line management in identifying and assessing/measuring risks, determining remediation plans, monitoring levels of risk, and implementation of remediation.  You will work directly with CIO-1s, the CB Technology Chief Risk Officer, senior technology management, business and operations stakeholders, regulatory management, and other embedded risk teams.  In addition, you will advise about information security (IS) issues as they relate to findings management, key risk indicators, control uplift programs and audit/regulatory exams.

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your Key Responsibilities:

• Partner with and support CIO-1 areas in risk management and control implementation.  Partner with portfolio owners and audit/regulatory/self-identified issue finding owners to ensure overall risk posture for the area is improved. 
• Will be responsible for Information Security controls and will partner with CIO teams and finding owners to ensure overall risk posture for the area is improved. Able to liaise with senior management and regulators on reporting of project milestones, key deliverables, and credibility to obtain key stakeholder sign offs. Will partner closely with technology stakeholders and business stakeholders in the development and execution of Risk Framework.
• Support CIO-1 portfolio(s) in managing audit/regulatory/self-identified findings to ensure appropriate and timely resolution of risks/gaps in controls, and resolve non-compliance with Bank policies, procedures and processes and non-compliance with regulations and laws.  Review and revise findings lifecycle event documentation.
• Participate in, and coordinate with technology stakeholders, on internal and external audit and regulatory exams
• Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified technology issues
• Support application teams in control implementation requirements
• Ensure risk remediation programs are initiated and executed.  Design and implement processes to test effectiveness and sustainability of technical controls. 
• Develop strategies for reducing the risk exposure of CIO-1 portfolio(s), including preparedness of critical applications for audit and regulatory exams and working with application owners to address and prevent common risk issues
• Assist application owners and other technology stakeholders in identifying and documenting risks and developing remediation
• Tracking and reporting on CIO-1 portfolio(s) key risk indicators (KRI) and control uplift programs.  Assisting application owners in developing plans to ensure compliance with KRIs and close control gaps.
• Ensure risk remediation programs are initiated and executed in line with the Bank’s policies, procedures and standards. 
• Work with the application teams and control owners to identify and resolve potential issues in control design.  Advise on effectiveness metrics, ensure control design includes proper evidence, and provide input to the design and effectiveness of centrally provided tooling.
•  Advise on information security controls and related IS control uplift programs.  Liaise with IS control owners about exceptions and issues across CB Technology.  Recommend solutions to ensure compliance with IS controls and KRIs.

Your Skills and Experience:

• Excellent communication skills, both written and verbal to present ideas and concepts effectively
• Knowledge of security concepts including security risk and NIST
• Certification – CISSP or CISSM preferred
• Minimum 10 years expertise with atleast 5 years as an Information Security expert.
• Relevant experience in technology risk management, risk advisory and audit management; prefer experience in information security controls, concepts and risks
• Experience with testing technology controls
• Control design skills and technical skills, particularly related to the testing of technology controls and processes
• Experience in assessing risk, writing issues, and developing appropriate corrective actions
• Excellent analytical and investigatory skills to identify underlying technology issues and
• demonstrate viable solutions and problem solving
• Prefer technical background (application development, infrastructure engineering, etc.)
• Prefer experience in evaluating the adequacy and effectiveness of security policies and procedures

How You’ll Lead:

• Partner closely with technology and business stakeholders in the development and execution of the Bank’s risk framework
• Promote proactive risk culture and sustainability of controls to technology stakeholders to help improve overall risk posture for the area
• Liaise with senior management, audit and regulators on reporting of project milestones and key deliverables

How we’ll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.htm

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.