TISO - Information Security compliance, VP

 
: 
Job Title:
TISO - Information Security compliance
LocationPune, India
Corporate TitleVP
Role Description
TISO is responsible to enforce Information Security compliance within their area of responsibility in line with the CISO mandate and strategy as well as the banks risk appetite. Furthermore, TISOs are the experts and points of escalation for all IT security related aspects of the IT assets in their area of responsibility. They provide guidance on how to implement technical control aspects and achieve compliance to the related Information Security controls and ensure appropriate handling of any relevant exceptions. In close cooperation with the respective Chief BISOs they support the business divisions as well as the COO IT counterparts to comply with Security Controls. Deutsche Banks Corporate Bank division is a leading provider of cash management, trade finance and securities finance. We complete green-field projects that deliver the best Corporate Bank - Securities Services products in the world. Our team is diverse, international, and driven by shared focus on clean code and valued delivery. At every level, agile minds are rewarded with competitive pay, support, and opportunities to excel.You will work as part of a cross-functional agile delivery team. You will bring an innovative approach to software development, focusing on using the latest technologies and practices, as part of a relentless focus on business value. You will be someone who sees engineering as team activity, with a predisposition to open code, open discussion and creating a supportive, collaborative environment. You will be ready to contribute to all stages of software delivery, from initial analysis right through to production support.What well offer you

100% reimbursement under childcare assistance benefit (gender neutral)

Sponsorship for Industry relevant certifications and education

Accident and Term life Insurance

Your key responsibilities

Align standards, frameworks and security with overall business and technology strategy

Identify and communicate current and emerging security threats

Create solutions that balance business requirements with information and cyber security requirements

Train users in implementation or conversion of systems

Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility

In relation to the IT Assets, processes within their scope of responsibility they:

Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios.

Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions

Are responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls.

Are the recognized expert in DB Information Security Policies and procedures and their implementation in relation to technologies.

Proactively manages IT audits and plan (in co-operation with COO IT management) preparation and remediation.

Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution.

Spearhead independent reviews of IT Security Controls, prioritise identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.g. Information Security control evaluation and respective follow up activities).

Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality.

Partner with key stakeholders (Chief BISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.

Your skills and experience
Experience of 8-12 years in:

Security considerations of cloud computingThey include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.

Identity and access management (IAM) the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.

Experience with and knowledge of:

VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.

ISO27001 specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organizations risk management

Control Objectives for Information and Related Technologies (COBIT)

Windows and UNIX environment.

General
Skills:

Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills

Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects

The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background

Ability to present and discuss information security related topics to senior committees, fora and groups, and drive decision making

Ability to distinguish between noise and real issues, in particular when it comes to the impact of information security risk to the franchise

Good understanding of (DB) Findings Management, Control Inventory and how we apply information technology solutions in this space; robust understanding of Anti-Financial Crime Functions in Corporate Banking.

Ability to lead, mentor and influence without formal authority, in a complex multi-matrix organization

Working with Global teams across multiple time zones

Education/Certification

Degree in Information Security or a comparable education

How well support you