Information Security Specialist (db)

Job Description

Job Title: Information Security Specialist

Corporate Title: Associate

Location: Bucharest, Romania

Overview

We are looking for a knowledgeable Information Security Specialist to operate as a member of the Chief Security Office (CSO) Third Party Security team (TPS). As an Information Security Specialist, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s vendor risk management program under Third Party Management (TPM).

What We Offer You:

We offer competitive health and wellness benefits, empowering you to value life in and out of the office

Active engagement with the local community through Deutsche Bank’s specialized employee groups

An environment that encourages networking and collaboration across functions and businesses

Return to Office:

It is the Bank’s expectation that employees hired into this role will work in the Bucharest Romania office in accordance with the Bank’s hybrid working model

Deutsche Bank provides reasonable accommodations to candidates and employees with a substantiated need based on disability and/or religion

Your Key Responsibilities:

Support and coordinate Vendor Information Security Review processes, track vendors and services, escalate issues, when necessary, negotiate with vendor security, and legal team on the contractual security obligations

Assist with compliance and risk assessment programs which support corporate wide security programs, and participate in additional key control projects related to the overall enhancement of the assessment function

Conduct Risk evaluation and business impact analysis of the identified gaps, and provide comprehensive documentation of the identified gaps

Review vendor policies related to Information Security, comparison, and gap analysis to the Deutsche Bank security requirements

Track vendors and services, escalate issues when necessary, negotiate with vendor security and legal team on the contractual security obligations

Formulate remediation recommendations, and actively work with vendors and project managers on Information Security related findings to resolve issues as quickly as possible to help build and strengthen the relationship

Your Skills and Experience:

Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles  

Experience with ISO27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO27001, ISO27017, SOC2, SoX, PCI, and MITRE ATT&CK

Understanding of Governance Risk and Control (GRC) tools, services, frameworks, and best practices

Experience with standardized assessment programs such as the Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and CSS Consensus Assessment Initiative Questionnaire (CAIQ), Shared Assessment Program (SIG), etc will be an added advantage.

Understanding of financial regulations which impact information security.

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.