Deutsche Börse

ICT Risk Assurance Specialist

full-time

Location Type: Office

Location: Prague • 🇨🇿 Czech

Job Level

Junior, Mid-Level

Tech Stack

Cloud

About the role

  • Develop annual/multi-year assurance plans, define scope, and prepare workbooks with control requirements and test steps.
  • Perform Test of Design (ToD) and Test of Implementation (ToI) for ICT controls; test operating effectiveness (ToE) using inquiry, observation, inspection, and re-performance.
  • Collect and analyze evidence (policies, procedures, system configs, logs); escalate delays when needed.
  • Document observations and improvement opportunities; share preliminary results for validation; deliver structured reports with severity ratings and remediation timelines.
  • Monitor remediation progress, escalate overdue items, validate closure evidence, and update status reports.
  • Enhance methodologies, templates, and processes; ensure alignment with regulatory requirements (e.g., DORA) and internal frameworks.

Requirements

  • University degree (Bachelor/Master) in IT, Information Security, Risk Management, or related field.
  • Minimum 2 years of experience in IT/Information Security, ideally in internal/external audit, second-line assurance, or control implementation roles.
  • Experience in the financial sector, preferably within EU-regulated environments; familiarity with BAIT, MaRisk, CSSF, and DORA is a plus.
  • Strong understanding of ICT risk frameworks, control design and implementation principles, and the Three Lines of Defense model.
  • Familiarity with common IT standards (CSA-CCM, COBIT, BSI Grundschutz, ITIL, ISO/IEC 27000 series).
  • Ability to apply assurance techniques (inquiry, observation, inspection, re-performance) and sampling methodologies.
  • Strong analytical skills and conceptual thinking; ability to interpret complex technical and regulatory requirements.
  • Strong interpersonal and communication skills for engaging senior stakeholders.
  • Experience in Cloud Security, Network Security, Vulnerability Management, Security Information and Event Management (SIEM), Privileged Access Management (PAM), Threat Intelligence, Incident Response, or related domains is an advantage.
  • Excellent English (written and spoken); German is an advantage.

Benefits

  • Professional certifications such as CISA, CISM, CISSP, CEH, or CIA are preferred.

Applicant Tracking System Keywords

Hard skills

  • Test of Design (ToD)
  • Test of Implementation (ToI)
  • Test of Effectiveness (ToE)
  • ICT controls
  • assurance techniques
  • sampling methodologies
  • Cloud Security
  • Network Security
  • Vulnerability Management
  • Security Information and Event Management (SIEM)

Soft skills

  • analytical skills
  • conceptual thinking
  • interpersonal skills
  • communication skills