ICT Risk & Methodology Expert (f/m/d)

Your area of work:
The ICT Risk Strategy & Methodology unit as part of the Deutsche Börse Group (DBG)’s ICT risk second line of defense, is responsible for the development, maintenance and continuous improvement of the digital operational resilience strategy, the ICT risk management methodology, the threat landscape and the shaping and promotion of a security culture within Deutsche Börse Group. Further, we act as independent challengers & advisors to large scale transformation and security programs within the group.
As a Senior Specialist you will significantly contribute to Deutsche Börse Group strategic ambitions of operating a threat-based ICT risk management and thereby contribute to strengthening our resilience against increasing threats such as cyber attacks.
 
Your responsibilities:
•    Develop maintain and enhance the ICT risk management framework, ensuring alignment with enterprise risk management 
•    Design a comprehensive risk management methodology that encompasses the entire risk management lifecycle, utilizing established best practice frameworks
•    Evaluate and enhance commonly used risk management concepts in the area of ICT risk, e.g. definition of risk appetite, risk taxonomy, scoring of risks, reporting on risks
•    Develop risk scenarios for IT and information security risks
•    Identify and assess emerging threats, as well as contribute to the development and refinement of the threat landscape 
•    Develop, monitor and report risk metrics and performance indicators to track the progress of strategical objectives and potential new risks 
•    Engage in the refinement of ICT risk models, supporting integration into enterprise -wide risk management
•    Support and oversee the implementation of DORA requirements for DBAG  
•    Act as an SME on ICT risk and digital resilience matters in regulatory discussions and audits 
•    Provide advisory and training sessions on risk management methodologies and digital resilience 
 
Your profile:
•    You have completed your university degree in a field related to information security, IT, risk management, business informatics or related fields 
•    You have proven work experience (at least 5-10 years) in the area of IS risk management, IT risk management, non-financial risk management, information security, or comparable functions
•    You are familiar with cyber risk quantification approaches (quantitative and qualitative) and scenario-based analysis
•    You are experienced in working with regulatory frameworks and risk management methodologies and standards (e.g. DORA, ISO27005, ISO 31010 or NIST, FAIR, ISACA/COBIT) 
•    You own strong analytical, social and methodological skills and are eager to develop these further
•    A result-oriented working method in a team is self-evident for you
•    Strong analytical, problem-solving, and communication skills to challenge and advise stakeholders 
•    Ability to collaborate across multiple teams in a multicultural environment 
•    Certifications such as CRISC, CISM, CISSP, or similar are highly preferred 
•    Proficiency in written and spoken English; German language skills will be a strong benefit