Job Description:Job Title: Technology Risk Manager, Vice President
Location: Pune, India
Your Key Responsibilities:
* Partner with and support CIO-1 areas in risk management and control implementation. Partner with portfolio owners and audit/regulatory/self-identified issue finding owners to ensure overall risk posture for the area is improved.
* Will be responsible for Information Security controls and will partner with CIO teams and finding owners to ensure overall risk posture for the area is improved. Able to liaise with senior management and regulators on reporting of project milestones, key deliverables, and credibility to obtain key stakeholder sign offs. Will partner closely with technology stakeholders and business stakeholders in the development and execution of Risk Framework.
* Strong hands-on technical background in IT security controls and SME in at least one area amongst crypto, cyber, I&A, Cloud etc.
* Pro-actively identify and Implement IT Security strategy and translate this into an operational plan for delivery for their area of responsibility
* Provide management and leadership for TISO (Technical Information Security Officers) within the respective division or function and Information Technology Security oversight of the applications and infrastructure (IT assets).
* Act as point of escalation for IT Security issues and exceptions.
- Support CIO-1 portfolio(s) in managing audit/regulatory/self-identified findings to ensure appropriate and timely resolution of risks/gaps in controls, and resolve non-compliance with Bank policies, procedures and processes and non-compliance with regulations and laws. Review and revise findings lifecycle event documentation.
* Participate in, and coordinate with technology stakeholders, on internal and external audit and regulatory exams
* Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified technology issues
* Support application teams in control implementation requirements
* Ensure risk remediation programs are initiated and executed. Design and implement processes to test effectiveness and sustainability of technical controls.
* Develop strategies for reducing the risk exposure of CIO-1 portfolio(s), including preparedness of critical applications for audit and regulatory exams and working with application owners to address and prevent common risk issues
* Assist application owners and other technology stakeholders in identifying and documenting risks and developing remediation
* Tracking and reporting on CIO-1 portfolio(s) key risk indicators (KRI) and control uplift programs. Assisting application owners in developing plans to ensure compliance with KRIs and close control gaps.
* Ensure risk remediation programs are initiated and executed in line with the Bank's policies, procedures and standards.
* Work with the application teams and control owners to identify and resolve potential issues in control design. Advise on effectiveness metrics, ensure control design includes proper evidence, and provide input to the design and effectiveness of centrally provided tooling.
* Advise on information security controls and related IS control uplift programs. Liaise with IS control owners about exceptions and issues across CB Technology. Recommend solutions to ensure compliance with IS controls and KRIs.
Your Skills and Experience:
* Excellent communication skills, both written and verbal to present ideas and concepts effectively
* Knowledge of security concepts including security risk and NIST
* Certification - CISSP or CISSM preferred
* Minimum 10 years expertise with atleast 5 years as an Information Security expert.
* Relevant experience in technology risk management, risk advisory and audit management; prefer experience in information security controls, concepts and risks
* Experience with testing technology controls
* Control design skills and technical skills, particularly related to the testing of technology controls and processes
* Experience in assessing risk, writing issues, and developing appropriate corrective actions
* Excellent analytical and investigatory skills to identify underlying technology issues and
* demonstrate viable solutions and problem solving
* Prefer technical background (application development, infrastructure engineering, etc.)
* Prefer experience in evaluating the adequacy and effectiveness of security policies and procedures
How You'll Lead:
* Partner closely with technology and business stakeholders in the development and execution of the Bank's risk framework
* Promote proactive risk culture and sustainability of controls to technology stakeholders to help improve overall risk posture for the area
* Liaise with senior management, audit and regulators on reporting of project milestones and key deliverables
How we’ll support you
- Training and development to help you excel in your career
- Coaching and support from experts in your team
- A culture of continuous learning to aid progression
- A range of flexible benefits that you can tailor to suit your needs
About us and our teams
Please visit our company website for further information:
https://www.db.com/company/company.htm
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.
Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.
We welcome applications from all people and promote a positive, fair and inclusive work environment.
