The role of an Information Security Officer (ISO) is of a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. SOD manager must implement Segregation of Duty (SoD) rules for the assigned IT assets and to manage violations of SoD. The ISO and SOD manager have a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO.
Your key responsibilities
- To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS.
- To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group.
- To support the management of IS Risks within the Risk Appetite defined by the ISR.
- To execute the IS Risk assessments and compliance evaluations for assigned IT assets.
- To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks).
- To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility.
- To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks.
- To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Group's inventory of applications are accurate and up to date.
- To implement Segregation of Duty (SoD) rules for the assigned IT assets.
- To contribute to the Information Security incident management process in the case of a security breach.
- Keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts.
- To ensure appropriate documentation of information security risk management in area of responsibility. This includes major decisions including identified and assessed risks as well as risk mitigation measures.
- To deliver all items requested during regulatory and internal Information Security related audits.
Your skills and experience
Essential
- Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills.
- Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations.
- Good understanding of Regulatory, Compliance, Risk & Control Knowledge.
- Have sound knowledge of Identity and Access Management Process.
- Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients.
- Ability to effectively communicate with clients internally and externally.
- Must be a team player and facilitator.
Desirable
- Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes.
- Knowledge of electronic banking products and flow of instructions.
- Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided.
- Innovative approach to work and continuously identify and implement process improvements.
- Seek opportunities to improve service processes, minimize operational risk and reduce costs.
- Strong analytical skills, detail orientation, service commitment and solid people management skills.
- Strong awareness of risk control.
Education / Certification
- Graduation degree
- CRISC
- Desired: CISA / CISM / CISSP
