About Deutsche Börse Group:
Headquartered in Frankfurt, Germany, Deutsche Börse Group is a leading international exchange organization and market infrastructure provider. They empower investors, financial institutions, and companies by facilitating access to global capital markets.
Their India center is located in Hyderabad, serves as a key strategic hub and comprises India's top-tier tech talent. They focus on crafting advanced IT solutions that elevate market infrastructure and services. Deutsche Börse Group in India is composed of a team of capital market engineers forming the backbone of financial markets worldwide.
The Chief ICT Risk Office (CISO) combines IT & IS Risk Management in the 2nd Line of Defense. The department's mandate is to set the IT and IS (ICT) risk governance and framework, set the control objectives, control review methodology and risk assessment methodology, conduct independent risk assurance of 1st LoD ICT controls ( IT and IS controls), and independently monitor and report on the level of ICT risks as well as to drive transformation and collaboration.
In this role, you will be part of ICT Risk Assurance team, performing continuous monitoring and oversight to confirm that our ICT controls are well-designed, correctly implemented, and operating effectively to protect the organization.
Your Responsibilities:
- Design and implement risk-based assurance plans aligned with internal and regulatory requirements.
- Lead and execute IT & IS assurance assessments to evaluate risks across applications, infrastructure, cloud platforms, and network/security processes.
- Ensure IT systems and processes comply with relevant laws, regulations, and standards, including DORA, MaRisk, CSSF, NIST, ISO 27000, etc.
- Test the effectiveness of IT General Controls (ITGC) and cybersecurity controls across Access Management, SDLC & Change Management, Encryption, Third Party Risk, Patch & Vulnerability. Management, SIEM, Penetration Testing, IT Operations, and other security domains to identify gaps and improvement areas.
- Prepare high quality assurance reports with clear observations, identified risk, and actionable recommendations for management; effectively communicate complex technical issues to both technical and non-technical stakeholders.
- Track and monitor remediation actions, validate closure, and ensure sustainability of corrective measures.
- Collaborate with IT, Security teams, and other cross-functional stakeholders to provide risk insights or guidance on risk and control expectations for new and existing systems.
- Contribute to the continuous improvement of assurance methodologies, frameworks, and processes.
- Stay updated with emerging cyber threats, industry trends, evolving technologies, cloud risks, and changes in the regulatory landscape.
Your profile:
Experience:
- A minimum of 3+ years of dedicated experience in IT/ cyber audit, second-line assurance, cybersecurity implementation or GRC role, with a proven track record of active involvement on complex audits/assurance reviews or implementation projects from planning to reporting.
Education:
- Bachelor's or Master's degree in IT, Information Security, Risk Management, or a related field.
Expert Industry Knowledge:Practical experience in in one or more of the following:
- Cloud Security.
- Network Security.
- Vulnerability Management.
- Penetration Testing.
- SIEM / SOC /CERT.
- Encryption.
- Identity & Access Management / Privileged Access Management (PAM).
- Software Development & Change Management.
- Artificial Intelligence (AI) Risk / AI Governance.
Frameworks and Standards:
- Strong knowledge of IT governance and control frameworks such as COBIT, CSA CCM, ISO/IEC 27000 series, ITIL, and relevant EU regulations.
Professional Certifications:
- Certifications such as CISA, ISO 27001 LA/LI, CISM, CISSP, CRISC are preferred.
Advanced Core Skills:
- Assurance Skills: Experienced in audit/assurance techniques, developing risk-based testing strategies, sampling methodologies, and mentoring junior team members.
- Analytical & Strategic Mindset: Ability to identify root causes, understand cross-domain risk impacts, and translate complex technical and regulatory issues into business implications.
- Stakeholder Influence: Strong communication, negotiation, and influencing skills; comfortable presenting findings and building credibility with senior stakeholders.
- Three Lines of Defense: Strong understanding of the Three Lines of Defense model.
- Languages: Excellent command of English (written and spoken).
