TDI – Information Security Analyst - AVP
Singapore, One Raffles Quay
Deutsche Bank
Discover Deutsche Bank, one of the world’s leading financial services providers. News and Information about the bank and its productsJob Description:
Details of the Division and Team:
We are looking for a knowledgeable Information Security Analyst to operating as a member of the Chief Security Office (CSO) Third Party Security team (TPS).
As an Information Security Analyst, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s Third-Party Risk Management (TPRM) program under Third Party Management (TPM).
What we will offer you:
A healthy, engaged and well-supported workforce are better equipped to do their best work and, more importantly, enjoy their lives inside and outside the workplace. That’s why we are committed to providing an environment with your development and wellbeing at its center.
You can expect:
Flexible benefits plan including virtual doctor consultation services.
Comprehensive leave benefits
Gender Neutral Parental Leave
Flexible working arrangements
25 days of annual paid leave, plus public holiday & Flexible Working Arrangement
Your key responsibilities:
Conducting Information Security Third Party risk assessments as part of the overall Third-Party Risk Management process (incl. onsite visits/reviews at our Third Parties)
Review Third Party policies and evidence related to Information Security, review Third Party security gap analysis against the Deutsche Bank security requirements.
Conduct risk review and business impact analysis of the identified gaps and provide comprehensive documentation of the identified gaps.
Track Third Party and services, escalate issues when necessary.
Formulate remediation recommendations, and actively work with Third Partys and project managers on Information Security related findings to resolve issues as quickly as possible to help build and strengthen the relationship.
Support and coordinate Third Party Information Security Review processes, track Third Parties and services, escalate issues, when necessary, negotiate with Third Party, business units, and legal team on the contractual security obligations.
Assist with compliance and risk assessment programs which support corporate wide security programs and participate in additional key control projects related to the overall enhancement of the assessment function.
Ability to provide constant communication with involved stakeholders (within in the Bank and outside the Bank)
Provide response and necessary artifacts for Regulatory queries across all regions (globally).
Supporting the team to improve the overall security control framework (e.g. new controls, enhancement of existing controls)
Ability to document and present information security risks in a clear, concise, and understandable manner at various management levels in the bank and/or to the Third Party
Your skills and experience:
Minimum 5 years of experience in IT Security and Information Security (both technical and organizational controls).
Working Experience with ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, PCI, and MITRE ATT&CK.
Proven Experience with Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and/or CSS Consensus Assessment Initiative Questionnaire (CAIQ)
Understanding of financial regulations or guidance’s which impact information security (e.g.: EU Cybersecurity Act, MAS & HKMA TRM, EBA Guidelines, DORA, GDPR, NYDFS, Sox, etc.)
Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles
Understanding of banking/financial industry and services and the ability to evaluate impact of security risks on banking/financial institutions.
Understanding of Governance Risk and Control (GRC) tools, services, frameworks, and best practices
Proficiency in MS Office Suite - Microsoft Word, Excel, PowerPoint, etc. for reporting purposes
Experience with (or Knowledge of) Shared Assessment Programs (e.g.: SIG, FSQS, etc.)
Experience with (or Knowledge of) in Data Reporting including definition of metrics and data sources (a plus)
Role is required to be performed on-site at One Raffles Quay office. Relevant vaccination requirements may apply.
How we’ll support you:
Flexible working to assist you balance your personal priorities
Coaching and support from experts in your team
A culture of continuous learning to aid progression
A range of flexible benefits that you can tailor to suit your needs
Training and development to help you excel in your career
About us and our teams:
Deutsche Bank is the leading German bank with strong European roots and a global network. Click click here to see what we do.
Deutsche Bank & Diversity
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.
Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.
We welcome applications from all people and promote a positive, fair and inclusive work environment.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Banking Cloud Compliance GDPR Governance ISO 27001 MITRE ATT&CK NIST Risk assessment Risk management Security strategy SOC 2 SOX Strategy
Perks/benefits: Career development Flex hours Parental leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.