Job Description:
Job Title: Risk and Controls Specialist, VP
Location: Bangalore, India
Role Description:
- The 1st line GTI Risk and Controls function is part of Group Technology Infrastructure (GTI), which is a division of Technology, Innovation and Data (TDI) of Deutsche Bank Group.
- As part of the GTI Risk and Controls team, you will contribute towards DB strategic goals to improve operational resilience and reduce risk.
- Specifically, you will support a proactive risk management function.
- As such, your role will be focused on risk identification and remediation activities.
- Additionally, you will use your expertise to plan and execute thematic risk assessments as well as supporting risk scenario testing and macro threat assessments.
What we'll offer you:
As part of our flexible scheme, here are just some of the benefits that you'll enjoy:
- Best in class leave policy
- Gender neutral parental leaves
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Employee Assistance Program for you and your family members
- Comprehensive Hospitalization Insurance for you and your dependents
- Accident and Term life Insurance
- Complimentary Health screening for 35 yrs. and above
Your key responsibilities:
GTI Risk Management (InfoSec)
- Serve as the IT Security delegate for the CIO Unit (i.e. GTI), managing a team of Analysts / Associates / AVPs. Drive InfoSec Controls compliance activities / InfoSec Controls implementation facilitation management responsibilities. Steer IT Security initiatives and programs.
- Interface with application-level teams and app owners to facilitate and support remediation activities and consequent adoption of compliance solutions for the GTI applications estate across the CSO mandated security control domains.
- Manage stakeholders across InfoSec Control areas and multiple InfoSec Governance Forums.
- Orchestrate periodic reporting activities and deliverables governing the InfoSec controls compliance space. This role holds the ownership of various InfoSec reporting outputs / work-products.
- Coordinate closure actions related to SII/Findings within the Findings Management space. Provide GTI ERTs with InfoSec SME support wherever required.
- Work with the associated D-CISO (Divisional Chief Information Security Officer) for maintenance of Divisional ISMS (Information Security Management System) over IT assets and processes. Support the implementation of IT Security requirements and ensure overall Information Security posture is within agreed Risk Appetite.
- Work in close collaboration with the CIO area (i.e. GTI) level application teams and the technical security structure embedded within the CIO-1 units namely the DTISOs/TISOs (Divisional Technical Information Security Officers).
- Steer IT Security initiatives and programs. Ensure all members of the IT Security organization are trained and have completed the curriculum specific to their assigned roles. Advise and report on Technical Information Security topics. Report regularly on the status of IT Security to the CIOs, relevant IT senior management and to key stakeholders. Additionally, report to the associated Divisional CISOs on handling of information security topics, issues and risks. Support the Divisional CISO in managing Information Security topics for Technical Security Matters.
- Ensure effective and efficient communication of all IS requirements and decisions within their IT Security organization.
Stakeholder Management: Identify, Partner, and Collaborate
- Establish relationships with the DTISO/TISO community within GTI to ensure effective and robust support for InfoSec activities.
- Partner with the CSO teams to ensure alignment towards Group wide CSO mandated InfoSec controls and standards.
- Collaborate closely and proactively with the DTISO teams to manage the alignment towards InfoSec control requirements.
- Promote and support proactive IT risk culture at the Bank.
Your skills and experience:
Desired experience
- 15+ years of experience as Risk and Control Lead in designing and implementing Technology risk framework in a global organization.
- Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001.
- Knowledge of Agile change delivery methodology, DevOps and Shift left concepts.
- Cloud Computing Technology (GCP, AWS, Azure etc.) certifications or similar domains.
- Other professional qualifications and certifications in Technology risk management.
Desired behaviors
- A strong team player able to operate in a cross-cultural and diverse operating environment.
- Results-oriented, with the ability to deliver under tight timelines.
- Proven ability to lead a team.
- Ability to successfully resolve conflicts in a global, matrix-driven organization.
- Excellent communication and collaboration skills.
- Desire to learn about new and emerging technologies and continuous upskilling.
- Must be comfortable with navigating ambiguity to extract meaningful risk insights.
How we'll support you:
- Training and development to help you excel in your career
- Coaching and support from experts in your team
- A culture of continuous learning to aid progression
- A range of flexible benefits that you can tailor to suit your needs