The Group Security department directly contributes to the Deutsche Börse Group ICT strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing ICT controls based on the relevant regulatory requirements and the international standards like ISO 2700x-series on the Information Security Management System.
Area of work:
In this role, you will have a unique opportunity to contribute to a growing department at the heart of a dynamic global capital markets business. As part of the Information Security Risk Management team, you will help enforce the ICT Risk Framework in close collaboration with the CISO, Group Risk, Compliance Management, and Data Privacy functions.
Your primary focus will be on Cybersecurity Risk Management, our core area of expertise. You will act as a trusted advisor to business partners and senior management, providing expert consultation on cybersecurity risk matters. In addition, you will support a variety of ICT risk-related initiatives, helping to ensure that solutions are robust, compliant with regulatory requirements, our business strategy and aligned with industry best practices.
Your proactive mindset and strong interpersonal skills will be key to building trust and fostering collaboration with stakeholders across business and technology. You will thrive in a friendly, cooperative, and supportive environment that values initiative and teamwork.
Your responsibilities:
1. Provide expert consultation to the organization on Cyber Security Risk Management matters supporting informed decision-making.
2. Conduct risk assessments for ICT assets, including applications, infrastructure, and cloud.
3. Support the development and implementation of risk treatment plans, ensuring appropriate mitigation strategies are in place.
4. Maintain and enhance risk assessment methodologies and tools to ensure consistency and effectiveness.
5. Collaborate with internal stakeholders (e.g., asset owners, security teams, risk decision makers) to identify, evaluate, and mitigate cyber risks.
6. Monitor and report on the status of identified risks and treatment actions, ensuring timely resolution and escalation where necessary.
7. Contribute to the continuous improvement of the ICT Risk Framework and related policies and procedures.
8. Assist in preparing documentation and evidence for internal audits and regulatory reviews.
Your profile:
9. Master’s degree in information technology, Cybersecurity, Business Informatics or comparable education.
10. 3+ years of experience in IT risk management, Cybersecurity, GRC, IT Audit or similar.
11. Familiar with general legal and regulatory frameworks in the financial industry, for example DORA, NIS2, EBA Guidelines on ICT and security risk management, and industry standards like ISO/IEC 2700x or NIST.
12. Certifications like CRISC, CISA, ISO 27001 Lead Implementer or similar is an advantage.
13. Strong analytical skills and problem-solving skills, with attention to detail.
14. Autonomous and resilient, with strong planning and organization skills.
15. Excellent communication and interpersonal skills, with the ability to engage stakeholders across all levels both verbal and written in English (German would be considered an asset).
Why Deutsche Börse Group?
We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.
Mobility
We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.
Work environment
Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.
Health and wellbeing
We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.
Financial stability
We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.
Hybrid work
Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.
Flexible working hours
We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.
Internationality
Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.
Development
We promote individual development by offering internal development programmes, mentoring, further education and training budgets.