TDI – Information Security Analyst - AVP
Job Description:
Details of the Division and Team:
We are looking for a knowledgeable Information Security Analyst to operate as a member of the Chief Security Office (CSO) Third Party Security team (TPS).
As an Information Security Analyst, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s Third-Party Risk Management (TPRM) program under Third Party Management (TPM).
What we will offer you:
A healthy, engaged and well-supported workforce is better equipped to do its best work and, more importantly, to enjoy life inside and outside the workplace. That’s why we are committed to providing an environment with your development and wellbeing at its center.
You can expect:
Flexible benefits plan including virtual doctor consultation services.
Comprehensive leave benefits
Gender Neutral Parental Leave
Flexible working arrangements
25 days of annual paid leave, plus public holiday & Flexible Working Arrangement
Your key responsibilities:
Conducting Information Security Third Party risk assessments as part of the overall Third-Party Risk Management process (incl. onsite visits/reviews at our Third Parties)
Review Third Party policies and evidence related to Information Security, and review Third Party security gap analysis against the Deutsche Bank security requirements.
Conduct risk review and business impact analysis of the identified gaps and provide comprehensive documentation of the identified gaps.
Track Third Parties and services, and escalate issues when necessary.
Formulate remediation recommendations, and actively work with Third Parties and project managers on Information Security related findings to resolve issues as quickly as possible to help build and strengthen the relationship.
Support and coordinate Third Party Information Security Review processes, track Third Parties and services, escalate issues when necessary, and negotiate with Third Parties, business units, and the legal team on the contractual security obligations.
Assist with compliance and risk assessment programs which support corporate wide security programs and participate in additional key control projects related to the overall enhancement of the assessment function.
Ability to provide constant communication with involved stakeholders (within the Bank and outside the Bank)
Provide response and necessary artifacts for Regulatory queries across all regions (globally).
Supporting the team to improve the overall security control framework (e.g. new controls, enhancement of existing controls)
Ability to document and present information security risks in a clear, concise, and understandable manner at various management levels in the bank and/or to the Third Party
Your skills and experience:
Minimum 5 years of experience in IT Security and Information Security (both technical and organizational controls).
Working Experience with ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, PCI, and MITRE ATT&CK.
Proven Experience with Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and/or CSA Consensus Assessment Initiative Questionnaire (CAIQ)
Understanding of financial regulations or guidance which impact information security (e.g., EU Cybersecurity Act, MAS & HKMA TRM, EBA Guidelines, DORA, GDPR, NYDFS, SOX, etc.)
Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles
Understanding of banking/financial industry and services and the ability to evaluate impact of security risks on banking/financial institutions.
Understanding of Governance Risk and Control (GRC) tools, services, frameworks, and best practices
Proficiency in MS Office Suite - Microsoft Word, Excel, PowerPoint, etc. for reporting purposes
Experience with (or Knowledge of) Shared Assessment Programs (e.g.: SIG, FSQS, etc.)
Experience with (or Knowledge of) Data Reporting including definition of metrics and data sources (a plus)
Role is required to be performed on-site at One Raffles Quay office. Relevant vaccination requirements may apply.
How we’ll support you:
Flexible working to help you balance your personal priorities
Coaching and support from experts in your team
A culture of continuous learning to aid progression
A range of flexible benefits that you can tailor to suit your needs
Training and development to help you excel in your career
About us and our teams:
Deutsche Bank is the leading German bank with strong European roots and a global network.
Deutsche Bank & Diversity
We strive for a in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.
Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.
We welcome applications from all people and promote a positive, fair and inclusive work environment.