Your area of work:
The Chief ICT Risk Office (CISO) combines IT & IS Risk Management in the 2nd Line of Defense. The department’s mandate is to set the IT and IS (ICT) risk governance and framework, set the control objectives, control review methodology and risk assessment methodology, conduct independent risk assurance of 1st LoD ICT controls (IT and IS controls), and independently monitor and report on the level of ICT risks as well as to drive transformation and collaboration.In this role, you will be part of ICT Risk Assurance team, performing continuous monitoring and oversight to confirm that our ICT controls are well-designed, correctly implemented, and operating effectively to protect the organization.
Your responsibilities:
Design and implement risk-based assurance plans aligned with internal and regulatory requirementsLead and execute IT & IS assurance assessments to evaluate risks across applications, infrastructure, cloud platforms, and network/security processesEnsure IT systems and processes comply with relevant laws, regulations, and standards, including DORA, MaRisk, CSSF, NIST, ISO 27000, etc.Test the effectiveness of IT General Controls (ITGC) and cybersecurity controls across Access Management, SDLC & Change Management, Encryption, Third‑Party Risk, Patch & Vulnerability Management, SIEM, Penetration Testing, IT Operations, and other security domains to identify gaps and improvement areasPrepare high‑quality assurance reports with clear observations, identified risk, and actionable recommendations for management; effectively communicate complex technical issues to both technical and non‑technical stakeholdersTrack and monitor remediation actions, validate closure, and ensure sustainability of corrective measuresCollaborate with IT, Security teams, and other cross-functional stakeholders to provide risk insights or guidance on risk and control expectations for new and existing systemsContribute to the continuous improvement of assurance methodologies, frameworks, and processesStay updated with emerging cyber threats, industry trends, evolving technologies, cloud risks, and changes in the regulatory landscapeYour profile:
A minimum of 6+ years of dedicated experience in IT/ cyber audit, or second-line assurance, or cybersecurity implementation or GRC role, with a proven track record of leading complex audits/assurance reviews or implementation projects from planning to reportingBachelor’s or Master’s degree in IT, Information Security, Risk Management, or a related fieldPractical experience in various security domains, such as: Cloud Security Network Security Vulnerability Management Penetration Testing SIEM / SOC /CERT Encryption Identity & Access Management / Privileged Access Management (PAM) Software Development & Change Management Artificial Intelligence (AI) Risk / AI Governance Strong knowledge of IT governance and control frameworks such as COBIT, CSA‑CCM, ISO/IEC 27000 series, ITIL, and relevant EU regulationsCertifications such as CISA, ISO 27001 LA/LI, CISM, CISSP, CRISC are preferredExperienced in audit/assurance techniques, developing risk-based testing strategies, sampling methodologies, and mentoring junior team membersAbility to identify root causes, understand cross-domain risk impacts, and translate complex technical and regulatory issues into business implicationsStrong communication, negotiation, and influencing skills; comfortable presenting findings and building credibility with senior stakeholdersStrong understanding of the Three Lines of Defense modelLanguages: Excellent command of English (written and spoken)Why Deutsche Börse Group?
We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.
Mobility
We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.
Work environment
Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.
Health and wellbeing
We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.
Financial stability
We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.
Hybrid work
Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.
Flexible working hours
We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.
Internationality
Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.
Development
We promote individual development by offering internal development programmes, mentoring, further education and training budgets.
