Job Description
Corporate Title: AVP
Division: Global Real Estate
Location: Pune, India
Overview
The Information Security Officer (ISO) is part of the Global Real Estate (GRE) Divisional Vendor Management Office (DVMO).
The Global Real Estate (GRE) Division's primary objective is to manage the real estate portfolio of Deutsche Bank inclusive of procurement, operations, and strategic planning. The Divisional Vendor Management Office (DVMO) is responsible for implementing key elements of the end-to-end vendor management framework, therefore ensuring the most efficient and effective execution of any sourcing event in full compliance with the groups policies and standards.
The GRE DVMO ISO role is responsible for assigned GRE applications, ensuring compliance with DBs Group Information Security requirements in-line with the Information Security Risk (ISR) framework. This is done in harmony and in close partnership with the responsible stakeholder teams, in particular the GRE COO D-ISO function, other Divisional ISOs, ITAOs (IT Application Owners), as well as the Chief Security Office (CSO).
What we'll offer you
As part of our flexible scheme, here are just some of the benefits that you'll enjoy
• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above
Key Responsibilities – ISO:
• To ensure Information Security risk assessments and compliance evaluations for assigned IT assets are performed
• To provide sufficient information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility
• To identify and describe application and business process dependencies (upstream and downstream) for integrity and availability evaluations, including changes
• To agree assessment results and track remediation, including follow-ups and mitigating actions
• To resolve data quality issues pertaining to the application portfolio
• To support Identity and Access management functions with regard to application recertification (including selection and onboarding to central recertification platform), user groups and entitlements including their functional conflicts.
• To cooperate with the D-ISO / D-CISO to address requests for policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team
• Analyze the root cause for delays or incorrect processing and propose sustainable solutions
• Generate MIS for multiple IS topics and to assist senior management identify risks
• Support the wider D-CISO office where required
• Any adhoc analysis and presentations
• Identify areas for improvement in processes in terms of both efficiency and quality
• Ensure the GRE is compliant with regulatory requirements for Application Information Security including analysis of legacy state (roles, users, documentation) and mitigate control gaps to maintain 100% application security and completeness:
• To manage information security in GRE, the ISO performs this role based on the policies, processes and standards established by the bank's Chief Security Office, the Information Security Risk Function and the Information Security Management System defined by the CISO:
• Evaluation of the risks triggered by GRE applications to protect GRE data management.
• Integrate security controls on each technology layer including data, devices and applications, and constantly monitoring our systems to detect threats and respond to incidents worldwide.
The GRE DVMO ISO is also responsible for fulfilling the the Segregation of Duties (SoD) Manager role. The SoD Manager acts as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility.
Key Responsibilities – SoD Manager:
• To design and implement SoD Rules (for applications) in close collaboration with the ISO as well as other SoD Managers or stakeholders who may be affected by these rules. This includes the regular review of these rules and any necessary amendments
• To assess and remediate any SoD violations detected within their area of responsibility by either revoking inappropriate access or ensuring adequate compensating controls or exception handling procedures
• To assess the impact of inappropriate access on business operations and identify if there are indications for improper use of this access
• To act as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility
• Liaise and coordinate with Central SoD Governance team and attend SoD forums
Skills & Experience (Recommended)
• Good knowledge of Information Security Risk
• University degree and experience in banking operations or the financial industry
• Knowledge of the relevant assessment frameworks and/or standards (e.g. ISO/IEC 27001, COBIT5) is an advantage
• Relevant professional certifications are an advantage: e.g. B. CISSP, CISA, ISO27001 Lead Auditor or similar
• Ability to manage multi-task assignments and prioritize efficiently with limited oversight and resilience
• Analytical skills to assess risks and control processes
• Strong interpersonal skills; ability to build a network with company stakeholders
• English language skills
• Excellent analytical skills and proficient knowledge of MS Office tools/apps
Education | Certification (Recommended)
• Bachelor's/Master's degree in Finance, Information Technology and/or Information Security (or equivalent) from an accredited college or university (or equivalent)
How we'll support you
• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs
About us and our teams
Please visit our company website for further information:
Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, ****** orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.
Click to find out more about our diversity and inclusion policy and initiatives
💡 Quick Summary
Seeking a career-building opportunity? The Service Delivery Associate position is now open for candidates interested in the Bank Jobs sector. This role in Pune offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Bank Jobs is a plus.
