Security Risk and Control Analyst

Overview:

This role will work on Information Security Governance, Risk and Control domains, with a focus on controls, frameworks, policy & procedures, and processes to mitigate risks and handle threats. A big portion of the work involves design and improvement of control landscape particularly for cloud technologies and applications that will migrate to the public cloud. DB has signed a partnership with Google and has started using Google Cloud Platform (GCP) services in their application design – this role will be responsible for ensuring the right control landscape that are required for improving ongoing transformation and assessment of the residual risk.

Key Responsibilities:

• Conduct / participate assessments of information security controls, frameworks and processes taking into account industry best practices, standards and regulations
• Take part in control / framework design, development and implementation
• Work with representatives of governance and control stakeholders to ensure controls are fit-for-purpose, agreed upon and ratified.
• Act as an advisor to stakeholders on execution of policy and control lifecycles, and contribute to their continuous improvement
• Participate in evaluation and/or authoring of information security policies and procedures
• Assist in risk and control assessments to identify the design and operating effectiveness of controls and frameworks

Competencies

• Good analytical skills and ability to work on both conceptual and practical complex tasks
• Good communication skills, both written and verbal
• Self-motivated and flexibility to work autonomously in virtual and multicultural teams.
• Ability to build up knowledge related to new technology / process / solutions in an effective and timely manner
• Flexible mindset with an eye for detail and continuous improvement

Knowledge & Experience

• Experience on working with Information Security Governance, Risk and Control related topics and/or frameworks
• Familiarity with Software Development Lifecycle and continuous process improvement
• Prior knowledge and/or willingness to work with industry best practices and frameworks likeISO27001, NIST, CSA CCM, CRI Profile, COBIT, ITIL
• Experience in conducting gap assessments and/or technology risk assessments
• Advanced knowledge of MS Office products.
• Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Governance of Enterprise IT (CGEIT), ITIL, COBIT, Certified in Risk and Information Systems Control (CRISC) )

What we offer:

• We offer competitive health and wellness benefits, empowering you to value life in and out of the office
• Active engagement with the local community through Deutsche Bank’s specialized employee groups
• An environment that encourages networking and collaboration across functions and businesses
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs
• Training and development to help you excel in your career
• Competitive salary package
• Medical care and life insurance
• 24 vacation days + extra days off
• Meal tickets
• The coolest office
• Continuous learning – tech & soft skills (Plural sight always here to help)
• Free TNB theater tickets
• Our own music band