Lead Information Security Expert

Chief Security Office is responsible for the creation, maintenance, and implementation of the Information Security Strategy of Deutsche Bank Group. CSO (Chief Security Office) steers the measures derived from the information security strategy and supplies guidance to employees about the identification, development, implementation, and execution of all processes which serve to reduce information security risk, to respond to incidents, and to set up proper policies and standards for information security management.

CSO division, Governance, Risk and Compliance, Universal Governance Control Design team assess the processes and solutions within an assigned security pillar and capability to define the Bank’s Information Security Controls aligning with the Control Objectives to govern and ensure regulatory and organizational requirements of the Bank are satisfied.

As we continue to grow, we are seeking a talented and experienced Information Security Senior Specialist to join our team and play a crucial role in developing and implementing effective security controls. The team is based in Bucharest.

The job holder will be responsible for designing, developing, and implementing robust security controls and measures to safe guard our organization's sensitive information and systems. Working closely with cross-functional teams, including senior stakeholders within our security capability pillars, the Information Security Senior Specialist will assess risks, define security requirements, and design comprehensive controls aligned with industry standards and best practices.

The ideal candidate will have a strong understanding of security frameworks, risk management principles, and emerging threats, and will be able to translate those into practical, scalable security controls.

Task description - Responsibilities

• In collaboration with the subject matter experts of the assigned security pillar and capability, document processes used by the capability, and define the attributes of IS Controls in alignment with the IS Control Lifecycle Design Principles
• Working with the process governance stakeholders, identify and understand security requirements and objectives
• Find pre-requisites of the processes and solutions to function as designed, to develop Information Security Controls tailored to organizational needs and industry standards
• Execute IS Control Lifecycle steps to achieve stakeholder engagement and review of the proposed IS Controls
• Act as a competent partner, and challenger to capability stakeholders in the development and evaluation of the process and control change requests
• Take active role in development, improvement, and implementation of the Bank’s Security Control Framework
• Communicate openly with management and the internal stakeholders; keep them informed of potential findings and escalate problems/delays accordingly
• Proactively develop and keep professional consultative working relationships with the CSO function, clients and respective support areas and use a range of approaches to collect relevant information to assess key risks and analyze existing controls to identify vulnerabilities and gaps in the security posture
• Partner with other divisional teams during IS Control Design and Effectiveness Tests
• Define or contribute to the development of key operational procedures where necessary
• Execute day-to-day operational IS control design teamwork and contribute to the delivery of

the team goals.

• Prepare and present reports, metrics, and dashboards to executive leadership and relevant stakeholders
• Coach and mentor junior members of the team and act as delegate for Head of UG Control Design Team Lead
• Stay up to date with the latest security threats, trends, and technologies, and proactively recommend enhancements to security controls.

Requirements:

• 5-10 years of work experience in the Information Security or Information Technology area with a focus on Governance, Risk, and Compliance and/or IS/IT Audit, preferably in the financial or regulated industry
• Prior experience working on one or more of the information security domains such as Identity and Access, Security Monitoring, Cloud and Cyber Risk, Data Leakage Management, End User Protection, Cryptography is highly beneficial.
• Experience in process design, assessment, documentation, or continuous improvement
• Proven experience in development or assessment of Information Security Controls or Information Security Risks
• Ability to translate complex technical concepts into clear and concise recommendations for non-technical stakeholders.
• Experience in global and diverse teams across different time zones and within a matrix environment
• Demonstrated ability to lead projects and initiatives independently
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across all levels of the organization. Fluent in English.
• Professional / industry recognized certifications (e.g. CISM, CGEIT, CGRC, CISA, CCSP, CISSP, OSCP) preferred
• Strong understanding of cyber security standards (e.g., NIST, OWASP, ISO27001, CCA CCM) and knowledge of the regulatory environment in the financial sector are highly beneficial
• Knowledge of IS threat analysis and frameworks (e.g., MITRE ATT&CK Framework) preferable
• University degree in Computer Science / (Commercial) Information Technology or equivalent qualification

About us and our teams:

Deutsche Bank is the leading German bank with strong European roots and a global network. Click here to see what we do.

Before applying, please read our data protection policy: https://dbprivacy.ro/candidati.html?lang=ro