Job Title: Technical Information Security Officer, AVP

Location: Pune, India

Role Description

• Articulate and define the main purpose of the position, addressing the question “Why does it exist?”
• It is important to use reflective and action verbs to outline the main position and reason of being of theposition, state the framework or limits within which the position is set, and include the permanent objectives or end-result of the position
• Provide an overview of the key result areas of the position

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy,

• Best in class leave policy.
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

The TISO’s responsibilities within the assigned Unit comprise:

• To accept the ownership and responsibility for the Information Security of the assigned IT assets
• To carry out the IS Risk and compliance assessments for the assigned IT assets and processes
• To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO
• To provide guidance to key role holders such as ITAOs and IS Officers to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable Information Security Controls for implementation
• To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable Information Security Controls
• To approve the access control and user authorisation setup of the assigned IT assets. To execute and document periodical recertification of access rights in compliance with the DB Group Identity and Access management processes
• To ensure that the necessary Information Security Controls are implemented
• To cooperate with key role holders such as ITAOs and IS Officers to put monitoring capabilities for IT assets in place Information Security Policy - Deutsche Bank Group For internal use only Page 24
• To review the output of the monitoring jointly with the key role holders such as ITAOs and IS Officers to avoid degradation of the required security level
• To analyse and review the configuration of IT assets where required and to advise on the remediation of gaps according to the applicable Information Security policies
• To contribute to the Information Security incident management process in the case of a security breach for their IT assets, if requested
• To maintain the Information Security related documentation of assigned IT assets in the DB Group IT asset inventory.
• Proactively recertify users, groups coming from all such dashboards, perform attestations, security warnings
• Act as mediator and subject matter expert for business and IT management on information security topics.
• Demonstrates personal commitment to the Bank’s values
• Adheres to Bank Policies and Procedures and drives compliance within the team.
• Takes ownership for own development and career management, seeking opportunities to develop personal capability and improve performance contribution

People Management
The behaviours provided below should be adopted by all Deutsche Bank employees in relation to their development and management of others.

• Actively supports the business strategy, plans and values, contributing to the achievement of a high performance culture
• Takes ownership for own career management, seeking opportunities for continuous development of personal capability and improved performance contribution
• Acts as a role model for new employees, providing help and support to facilitate early integration and assimilation of their new environment
• Supports tough people decisions to ensure people performance is aligned with organisation imperatives and needs. Addresses individual performance issues, where necessary, to drive for high performance

Your skills and experience

• Specify the minimum level and type of experience required for the position (e.g. specialised or cross-functional, cross-industry experience, local or international experience)
  • Do not include the number of years
  • Alternative possible background can be indicated
• Consider the experience required in the following areas:
  • Risk and Regulatory
  • Business
  • Leadership
• MIFiD II Positions: Ensure the description outlines the need to possess the necessary knowledge, competence and at least 6 months of experience in a relevant role to meet relevant regulatory and legal requirements.
• Minimum 9 years working experience on Identity & Access Management, Governance, Risk and Control related topics
• Basic knowledge technology like Mainframe (COBIT, JCL, DB2), microservice architecture, JAVA, ITIL, ServiceNow, JIRA
• Good business analyse knowledge of system design, development, implementation, and user support principles and practices
• Working knowledge about Use recertification process and impact, application security concepts and findings like 2FA, representing application in audits and support ITAO
• Basic Knowledge on Database Systems, application interactions and server operating systems
• Working Knowledge around Network Security concept
• Good communication skills, both written and verbal are fluent in English (written/verbal)
• Good analytical skills and problem solving abilities

Education/ Qualifications

• Define the minimum level and type of education required.
• If applicable, indicate type of certificate, diploma or degree required
• MIFiD II Positions: Confirm position description contains appropriate Qualification Category. Ensure the description outlines the need to possess the necessary knowledge, competence and experience to meet relevant regulatory and legal requirements.
• Bachelor of Science degree from an accredited college or university with a concentration in Computer Science or Software Engineering (or equivalent)
• Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc.
• Strong understanding of service delivery and relationship management
• Project management, analytical and problem solving skills
• Effective communication and strong interpersonal skills
• Team player, highly motivated, practical problem solver

How we’ll support you

• Training and development to help you excel in your career.
• Coaching and support from experts in your team.
• A culture of continuous learning to aid progression.
• A range of flexible benefits that you can tailor to suit your needs.

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.htm

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.