Information Security Specialist for Real Time Promotion
Job Title: Information Security Specialist
Corporate Title: Assistant Vice President (AVP)
Location: Bucharest, Romania
We are looking for a knowledgeable Information Security Specialist to operate as a member of the Chief Security Office (CSO) Third Party Security team (TPS). As an Information Security Specialist, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s vendor risk management program under Third Party Management (TPM).
Your Key Responsibilities:
- Support and coordinate Vendor Information Security Review processes, track vendors and services, escalate issues, when necessary, negotiate with vendor security, and legal team on the contractual security obligations
- Assist with compliance and risk assessment programs which support corporate wide security programs, and participate in additional key control projects related to the overall enhancement of the assessment function
- Conduct Risk evaluation and business impact analysis of the identified gaps, and provide comprehensive documentation of the identified gaps
- Review vendor policies related to Information Security, comparison, and gap analysis to the Deutsche Bank security requirements
- Track vendors and services, escalate issues when necessary, negotiate with vendor security and legal team on the contractual security obligations
- Formulate remediation recommendations, and actively work with vendors and project managers on Information Security related findings to resolve issues as quickly as possible to help build and strengthen the relationship
Your Skills and Experience:
- Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles
- Experience with ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, SoX, PCI, and MITRE ATT&CK
- Understanding of Governance Risk and Control (GRC) tools, services, frameworks, and best practices
- Experience with standardized assessment programs such as the Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and CSS Consensus Assessment Initiative Questionnaire (CAIQ), Shared Assessment Program (SIG), etc
- Understanding of financial regulations which impact information security
What We Offer You:
- We offer competitive health and wellness benefits, empowering you to value life in and out of the office
- Active engagement with the local community through Deutsche Bank’s specialized employee groups
- An environment that encourages networking and collaboration across functions and businesses
Return to Office:
It is the Bank’s expectation that employees hired into this role will work in the Bucharest Romania office in accordance with the Bank’s hybrid working model
Deutsche Bank provides reasonable accommodations to candidates and employees with a substantiated need based on disability and/or religion
Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.
Visit Inside Deutsche Bank to discover more about the culture of Deutsche Bank including Diversity, Equity & Inclusion, Leadership, Learning, Future of Work and more besides.