Cyber Security Risk Management Specialist (f/m/d)

Deutsche Börse

Germany

On-site

EUR 70.000 - 90.000

Full-time

7 days ago

Summary

A leading financial services company in Germany is looking for a Cybersecurity Risk Management expert. This role involves consulting on cybersecurity risks, conducting assessments, and collaborating with various stakeholders. Ideal candidates will have a Master's degree in IT or Cybersecurity, 3+ years of relevant experience, and strong analytical and communication skills. Proficiency in English is required; German skills are a plus.

Qualifications

  • 3+ years of experience in IT risk management or similar.
  • Familiar with regulatory frameworks in the financial industry like DORA and NIS2.
  • Certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are advantageous.

Tasks

  • Provide expert consultation on Cyber Security Risk Management.
  • Conduct risk assessments for ICT assets.
  • Support implementation of risk treatment plans.
  • Collaborate with stakeholders to mitigate cyber risks.
  • Contribute to improving the ICT Risk Framework.

Skills

IT risk management
Cybersecurity
Analytical skills
Problem-solving
Communication

Education

Master's degree in IT or Cybersecurity

Tools

Risk assessment methodologies
ISO/IEC 2700x
NIST standards

Job description

The Group Security department directly contributes to the Deutsche Börse Group ICT strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing ICT controls based on the relevant regulatory requirements and on international standards such as the ISO 2700x series on the Information Security Management System.

Overview

Area of work: In this role, you will have a unique opportunity to contribute to a growing department at the heart of a dynamic global capital markets business. As part of the Information Security Risk Management team, you will help enforce the ICT Risk Framework in close collaboration with the CISO, Group Risk, Compliance Management, and Data Privacy functions. Your primary focus will be on Cybersecurity Risk Management, our core area of expertise. You will act as a trusted advisor to business partners and senior management, providing expert consultation on cybersecurity risk matters. In addition, you will support a variety of ICT risk-related initiatives, helping to ensure that solutions are robust, compliant with regulatory requirements and our business strategy, and aligned with industry best practices. Your proactive mindset and strong interpersonal skills will be key to building trust and fostering collaboration with stakeholders across business and technology. You will thrive in a friendly, cooperative, and supportive environment that values initiative and teamwork.

Responsibilities

  • Provide expert consultation to the organization on Cyber Security Risk Management matters supporting informed decision-making.
  • Conduct risk assessments for ICT assets, including applications, infrastructure, and cloud.
  • Support the development and implementation of risk treatment plans, ensuring appropriate mitigation strategies are in place.
  • Maintain and enhance risk assessment methodologies and tools to ensure consistency and effectiveness.
  • Collaborate with internal stakeholders (e.g., asset owners, security teams, risk decision makers) to identify, evaluate, and mitigate cyber risks.
  • Monitor and report on the status of identified risks and treatment actions, ensuring timely resolution and escalation where necessary.
  • Contribute to the continuous improvement of the ICT Risk Framework and related policies and procedures.
  • Assist in preparing documentation and evidence for internal audits and regulatory reviews.

Your profile

  • Master's degree in Information Technology, Cybersecurity, Business Informatics or comparable education.
  • 3+ years of experience in IT risk management, Cybersecurity, GRC, IT Audit or similar.
  • Familiar with general legal and regulatory frameworks in the financial industry, for example DORA, NIS2, EBA Guidelines on ICT and security risk management, and industry standards like ISO/IEC 2700x or NIST.
  • Certifications such as CRISC, CISA, ISO 27001 Lead Implementer or similar are an advantage.
  • Strong analytical and problem-solving skills, with attention to detail.
  • Autonomous and resilient, with strong planning and organization skills.
  • Excellent communication and interpersonal skills, with the ability to engage stakeholders across all levels, both verbally and in writing, in English (German would be considered an asset).