Information Security Reporting Specialist

Job Description:

TDI CSO TPS Position Overview

Job Title: Information Security Reporting Specialist

Location: Bucharest, Romania

Overview

We are looking for a knowledgeable Information Security Reporting Specialist to operate as a member of the Chief Security Office (CSO) Third Party Security team (TPS).

The role holder with be an integral member of the Third Part Security (TPS) Function and the primary objective of the role is to identify key stakeholders and information sources that enable TPS to gain accurate insight across a breadth of data sets, analyze information, prepare accurate reporting and communicate insights to a breadth of stakeholders at all levels across the organization and externally.

What We Offer You:

• We offer competitive health and wellness benefits, empowering you to value life in and out of the office
• Active engagement with the local community through Deutsche Bank’s specialized employee groups
• An environment that encourages networking and collaboration across functions and businesses

Return to Office:

• It is the Bank’s expectation that employees hired into this role will work in the Bucharest Romania office in accordance with the Bank’s hybrid working model
• Deutsche Bank provides reasonable accommodations to candidates and employees with a substantiated need based on disability and/or religion

Your Key Responsibilities:

• Develop new research and insights capabilities for Third Party Security topics as part of wider team of analysts
• Identifying key stakeholders and information sources relevant to the Third Party Security objectives
• Collaborating with stakeholders and gathering data/information to product strategic, thematic and tactical reporting for communication across a breadth of stakeholders
• Creation of systems and processes as part of a continuous improvement effort to optimize reporting capabilities
• Lead on specialist projects and as designated
• Work with multiple stakeholders to define and enhance risk data sources
• Own and manage data collection projects and reporting portfolios and aggregate data into a structured format/tool
• Documenting the full reporting process including required data and metrics
• Establish a reporting framework for security controls
• Take ownership for organizing and reporting findings to critical stakeholders
• Collaborate with team members to improve the overall operation using data as a driver
• Own specialist global regulatory assignments, coordinate and respond to designated regulatory matters

Additional secondary responsibilities may include:

• Assist with compliance and risk assessment programs which support corporate wide security programs, and participate in additional key control projects related to the overall enhancement of the assessment function
• Assist with Risk evaluation and business impact analysis of the identified gaps, and provide comprehensive documentation of the identified gaps
• Assist with the review of vendor policies related to Information Security, comparison, and gap analysis to the Deutsche Bank security requirements

Primary Experience:

• Experience in analysis of data, reporting including definition of metrics and data sources
• Experience with Tableau reporting tool and TPM tools
• Experience in Third Party Management processes
• Solid understanding of Risk Management principles
• Knowledge experience in regulatory matters relevant to the Finance Sector
• Basic knowledge and experience in IT Security and Information Security (both technical and organizational controls)
• Understanding of banking industry and services to be able to evaluate impact of security risks is beneficial
• Support review of Information Security Research, such as reviewing MITRE alerts, CVE Alerts, FS-ISAC Alerts, Cyber Security News Feeds, Threat Intelligence New Feeds etc.
• Supporting various excel databases, including but not limited to updating excel formulas, data points, macros, workflows and documentation

Primary Skills:

• Experience in analysis of data, reporting including definition of metrics and data sources
• Experience in analysis of data, reporting including definition of metrics and data sources
• Ability to setup and improve data reporting including all relevant/necessary processes
• Senior management presentation and reporting skills,
• Ability to think strategically, and able to work under pressure and proactively manage timelines and priorities
• Advanced Excel skills, macros, formulas, use of power query, etc.
• Structured and reliable work style
• Critical thinking
• Great communication skills
• Self-confident
• Detailed oriented, collaborative and team oriented, ability to manage conflicts and/or challenges

Additional Skills and Experience

• Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles  
• Knowledge of ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, SoX, PCI, and MITRE ATT&CK
• Knowledge of response and management of regulatory requests and engagements, together with experience in audit/compliance driven exercises
• Knowledge of third party/supply chain security assessments
• Knowledge of Governance Risk and Control (GRC) tools, services, frameworks, and best practices
• Knowledge of standardized assessment programs such as the Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and CSS Consensus Assessment Initiative Questionnaire (CAIQ), Shared Assessment Program (SIG), etc.
• Knowledge of financial regulations which impact information security

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.