Deutsche Börse

IT Security, Governance Specialist

full-time

Location Type: Office

Location: Frankfurt am Main, Germany

About the role

  • Align, track, and consult on the yearly review and update of XEOps documentation and procedures in line with DBG 2nd line guidelines and international best practices.
  • Consult and support the development, change, and implementation of internal procedures, documentation, and templates, with a focus on coverage of requirements from 2nd line guidelines and procedures.
  • Prepare and deliver on reporting requests from 2nd Lines and Legal Entities regarding required controls and KPIs.
  • Consult and support the teams on IT audit evidence requests.
  • Track identified audit findings for IT assets and support the closure of procedural findings.
  • Consult on and support disaster recovery documentation and reports for IT applications and infrastructure, delivering on requirements from DORA and the DBAG Resilience Guideline.
  • Collaborate with XEOps infrastructure and application support teams on the conception and implementation of Backup & Restore concepts, addressing DORA's IT resilience requirements.
  • Act as a Point-of-Contact and collaborate with the support teams and Application Owners on tasks related to Information Security.
  • Work with IT Product teams and key stakeholders to identify, analyze, and mitigate gaps in the implementation of required security controls from Group Security and 2nd line.
  • Consult and contribute to Risk Assessments and Risk Management of IT applications and infrastructure with relevant stakeholders and Subject Matter Experts.
  • Consult on remediation solutions for vulnerabilities and penetration test results with the IT Support Groups.
  • Address identified vulnerabilities to responsible teams, inform managers, and track follow-up activities to ensure timely resolution.
  • Support the preparation of regular PAM reports from the Privileged Access Inventory and related Account Controls using the relevant scripts.

Requirements

  • Knowledge of the legal and regulatory requirements relevant to the Financial Market (e.g., KRITIS, BAIT, DORA)
  • Strong understanding of international IT best practices and standards (e.g., COBIT, ITIL, ISO2700x)
  • Good understanding of threats and security concepts for ICT infrastructure, platforms, and applications (e.g., network infrastructure, operating systems, databases, middleware, and web application hardening)
  • Proven knowledge of Identity and Access Management (IAM) & Privileged Access Management (PAM)
  • Programming skills (e.g., shell scripts, Python)
  • A passion for IT governance and information security, with a strong desire to learn and deliver high-quality results.
  • Proficiency with the Office365 suite and ticketing systems (e.g., JIRA)
  • Nice to have: Security-related certifications (e.g., OWASP, CEH, CCSP, CISSP) or a willingness to acquire a major certification.
  • Nice to have: Governance-related certifications (e.g., COBIT, ITIL, NIS 2)

Benefits

  • Health insurance
  • Retirement plans
  • Paid time off
  • Flexible work arrangements
  • Professional development

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
shell scripts, Python, Identity and Access Management (IAM), Privileged Access Management (PAM), IT audit, disaster recovery, risk assessments, vulnerability remediation, security controls, reporting

Soft Skills
consulting, collaboration, communication, problem-solving, attention to detail, organizational skills, passion for IT governance, desire to learn, high-quality results, stakeholder engagement

Certifications
OWASP, CEH, CCSP, CISSP, COBIT, ITIL, NIS 2