IT Risk Management Specialist - Ecosystem Partner Security Risk Management (f / m / d)

Your area of work :

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets, incl. suppliers, in terms of safety, integrity, confidentiality, authenticity and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO / IEC 27000-series on the Information Security Management System.

• You consult the departments and management on Cyber Risk Management matters related to Supplier Security.
• You manage and lead the Information Risk Management service delivery.
• You consult Business Owners on the IT Security Risk Assessments, assuring proper risk identification and assessment in accordance with the Information Security Framework, and monitoring the risk remediation.
• You develop and maintain the Information Risk Management methodology - process - tooling to meet the business strategy, regulatory requirements and the best industry practices.
• You maintain trusted relationships with our business stakeholders, e.g. Risk Owner(s), Chief Information Security Officer, Compliance Officer(s), Technical Information Security Officer(s), and Internal / External Audit.
• You manage Supplier relevant information security incidents by leading and coordinating investigations with stakeholders and documenting incident reports.
• You support the regular reporting on information security to the respective boards and committees.
• You manage and lead the Onsite Risk Assessments for Ecosystem partners.

• Bachelor's and / or Master’s degree in information technology, Cybersecurity, Business Informatics or comparable education.
• 5+ years of experience in IT risk management, Cybersecurity, IT Audit or similar.
• Certifications like ITIL, CISM, CRISC, CISA, PMP or similar is an advantage.
• Knowledge of general legal and regulatory frameworks in the financial industry, for example EBA Guidelines on ICT and security risk management, DORA, NIS2, and industry standards like ISO / IEC 2700x or NIST.
• Strong analytical skills, critical thinking, ability to identify problems and propose solutions.
• Autonomous and resilient, with strong planning and organization skills.
• Exceptional communication and stakeholder management skills, both verbal and written in English (German would be considered an asset).

We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.

• Mobility — We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.
• Work environment — Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.
• Health and wellbeing — We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.
• Financial stability — We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.
• Hybrid work — Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.
• Flexible working hours — We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.
• Internationality — Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.
• Development — We promote individual development by offering internal development programmes, mentoring, further education and training budgets.