IT Risk Management Specialist - Ecosystem Partner Security Risk Management (f/m/d)

Your area of work:
The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets, incl. suppliers, in terms of safety, integrity, confidentiality, authenticity and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.
 
Your responsibilities:
In your position, you will provide IT security expertise in support to the business and in line with the key responsibilities:

• You consult the departments and management on Cyber Risk Management matters related to Supplier Security.
• You manage and lead the Information Risk Management service delivery.
• You consult Business Owners on the IT Security Risk Assessments, assuring proper risk identification and assessment in accordance with the Information Security Framework, and monitoring the risk remediation.
• You develop and maintain the Information Risk Management methodology - process - tooling to meet the business strategy, regulatory requirements and the best industry practices.
• You maintain trusted relationships with our business stakeholders, e.g. Risk Owner(s), Chief Information Security Officer, Compliance Officer(s), Technical Information Security Officer(s), and Internal/External Audit.
• You manage Supplier relevant information security incidents by leading and coordinating investigations with stakeholders and documenting incident reports.
• You support the regular reporting on information security to the respective boards and committees.
• You manage and lead the Onsite Risk Assessments for Ecosystem partners.

 
Your profile:

• Bachelor's and/or Master’s degree in information technology, Cybersecurity, Business Informatics or comparable education.
• 5+ years of experience in IT risk management, Cybersecurity, IT Audit or similar.
• Certifications like ITIL, CISM, CRISC, CISA, PMP or similar is an advantage.
• Knowledge of general legal and regulatory frameworks in the financial industry, for example EBA Guidelines on ICT and security risk management, DORA, NIS2, and industry standards like ISO/IEC 2700x or NIST.
• Strong analytical skills, critical thinking, ability to identify problems and propose solutions.
• Autonomous and resilient, with strong planning and organization skills.
• Exceptional communication and stakeholder management skills, both verbal and written in English (German would be considered an asset).