Application Security Specialist, AVP

Pune - Business Bay, India

Deutsche Bank

Discover Deutsche Bank, one of the world’s leading financial services providers. News and Information about the bank and its products


Job Description:

Job Title: Application Security Specialist

Corporate Title: Assistant Vice President

Location: Pune/Bangalore, India

Role Description

DWS is evolving and expanding its internal information security team. In the CSO Information Security Assurance division, your role will involve assessing the implementation of controls to ensure adherence to Information Security Policies and Procedures. This verification process utilizes the most advanced compliance data sources (i.e., compliance evaluation based on operational data, self-assessment, and independent reviews) to determine whether the necessary information security controls have been established in DWS’s applications, infrastructure, and IT processes, including EUDA/EUMA. In this context, it evaluates associated risks and identifies vulnerabilities related to unimplemented controls. The service also offers guidance on training and the application of security controls.

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

  • Best in class leave policy
  • Gender neutral parental leaves
  • 100% reimbursement under childcare assistance benefit (gender neutral)
  • Sponsorship for Industry relevant certifications and education
  • Employee Assistance Program for you and your family members
  • Comprehensive Hospitalization Insurance for you and your dependents
  • Accident and Term life Insurance
  • Complimentary Health screening for 35 yrs. and above

Your key responsibilities

  • Your main responsibility will be to adhere to the Information Security roadmap for the applications (ensuring information security compliance) based on IS principles (confidentiality, integrity, and availability), and to verify their alignment with DWS/DB policies. 
  • Assist application teams with applications that are scheduled for migration/re-migration projects, ensuring that their IS Criticality ratings are updated according to the DWS/DB IS criticality methodology.
  • Take part in CSO assurance meetings associated with secure architecture design, new product approvals or other risk review discussions to prevent any delays or escalations arising from non-compliance. 
  • Assist the DWS CSO in executing the hybrid model as outlined for decisions related to the Aurora Operating Model, ensuring proper alignment with DB CSO ORR controls. 
  • Perform security assurance tasks on DWS CSO solutions, business applications, and IT infrastructure located within the Proteus environment.
  • Conduct a security assessment when retiring business applications or IT applications in the Proteus environment.
  • Aid in resolving regulatory findings and guarantee that there are no outstanding audit issues. 
  • Act as a liaison among key role holders such as ITAOs and TISOs to create a secure environment by assessing the Information Security needs. 
  • Provide support for the governance of EUDA within a DWS Unit. 
  • Contribute to the creation, testing, and management of IS Security Compliance campaigns in accordance with business needs (including documentation and training).
  • Oversee Assurance processes and evidence evaluations throughout DWS’s application portfolio to aid in reducing risks linked to non-compliant controls for all DWS entities. 
  • Assist in ensuring consistency with all other Control Functions for Operational Readiness.
  • Security compliance reporting is a crucial aspect of the security assurance team. Therefore, you are required to work on the promptness of reporting, the precision of the content, and the comprehensiveness of risk and controls. Ensure automation in reporting and delivering value.

Your skills and experience

  • Clear understanding of information security risk and compliance framework.
  • Experience in application security assessment activities.
  • Minimum 8-14 years’ experience in Information security management area.
  • Understanding of how application security policies, standards, requirements and controls are defined.
  • Strong Microsoft Office (Excel macro), automation and analytics experience.
  • Experience in working with information security governance solutions.
  • Experience in CISO Application Security Governance process design
  • Proven experience with Information Security Standards implementation (e.g. ISO27001)
  • Proven experience in implementing Risk management standards
  • Any globally recognized information security certification (highly preferred)
  • Graduation and above (preferably IT, Computer science)
  • Understanding of current industry and agency standards, best practices, and/or frameworks, e.g. MITRE ATT&CK, NIST, DORA, ENISA, ISO27001, SOC2, SoX, PCI, etc.
  • Dedicated to undertaking any assigned tasks or projects related to CSO.
  • Ability to explain, document and present Information Security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dots
  • Detail-oriented, collaborative and team-oriented; able to manage conflicts with senior stakeholders
  • Must be able to work independently and collaborate comfortably in a matrix organization with international teams.
  • Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal and/or executive management and other groups involved in Physical Security/technology control assessments.
  • Structured and reliable work style

How we’ll support you

  • Training and development to help you excel in your career
  • Coaching and support from experts in your team
  • A culture of continuous learning to aid progression
  • A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.htm

Category: AppSec Jobs

Tags: Analytics Application security Automation CISO Compliance Computer Science Governance ISO 27001 IT infrastructure MITRE ATT&CK NIST Risk management Security assessment SOC 2 SOX Vulnerabilities

Perks/benefits: Career development Flex hours Health care Parental leave

Region: Asia/Pacific
Country: India
