Job Description

:

Job Title: Application Security Specialist
Location: Pune

DWS Group (DWS) is one of the world's leading asset managers with EUR 902bn of assets under management (as of 31 March 2022). Building on more than 60 years of experience, it has a reputation for excellence in Germany, Europe, the Americas and Asia. DWS is recognised by clients globally as a trusted source for integrated investment solutions, stability and innovation across a full spectrum of investment disciplines.

We offer individuals and institutions access to our strong investment capabilities across all major asset classes and solutions aligned to growth trends. Our diverse expertise in Active, Passive and Alternatives asset management - as well as our deep environmental, social and governance focus - complement each other when creating targeted solutions for our clients. Our expertise and on-the-ground-knowledge of our economists, research analysts and investment professionals are brought together in one consistent global CIO View, which guides our investment approach strategically.

DWS is transforming and growing its internal information security team. As the Application Security Assessment Specialist, within the Security Assurance team under CISO function, you will be responsible for assessing whether security controls are implemented in DWS applications before going to the production. You will support other security, technology and business teams to ensure applications are onboarded to the security platforms and are assessed against information and cyber security threat to minimize introducing a cyber risk for the organisation.

What we'll offer you:

As part of our flexible scheme, here are just some of the benefits that you'll enjoy:

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities:

• Support the Head of Security Assurance in defining and deploying Application Security Assessment framework and respective processes
• Define, document, and maintain application security standard, procedures, and controls
• Conduct an application security assessment to ensure security threat is assessed and address before going into production
• Ensure applications are meeting DWS information security requirements and security debt and associated risk is assessed and tracked accordingly
• Support a threat driven Information Security Risk oriented application development to the application owner
• Support automation of CISO services onboarding capabilities
• Control Assurance Review of Information Security Self-Assessments provided by the Application Owners
• Support on threat surface identification and resolution from both, the Risk Assessment process and other identified risk related issues
• Support the development, testing and management of IS Security Compliance campaigns based on business requirements (incl. documentation and training)
• Control Assurance processes and evidence reviews across DWS's application portfolio to support risk mitigation of non-compliant controls
• Recommend security measures to remediate open gap
• Supporting alignment with all other Control Functions for Operational Readiness

Your skills and experience:

• Proven track record in application security assessment activities
• Experience in defining application security policies, standards, requirements and controls
• Experience in DevSecOps, CI/CD, Cloud deployments
• Several years' experience in financial industries and / or information security- / risk management
• Experience in Information Security( both technical and organizational controls) Understanding of asset management industry and services to be able to evaluate impact of security risks is beneficial
• Solid understanding of Risk Management principles
• Proven experience with Information Security Standards (e.g. ISO27001, )
• Relevant certification e.g. CISSP, CISA, ISO27001 Lead Auditor would be preferred
• Understanding of current industry and agency standards, best practices, and/or frameworks i.e.: MITRE ATT&CK, NIST, ENISA, ISO27001, SOC2, SoX, PCI, etc.
• Ability to explain, document and present Information Security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dots
• A degree in IT, security management, business informatics or relevant experience in security field

How we'll support you:

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

Our values define the working environment we strive to create - diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.

We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

Click to find out more about our diversity and inclusion policy and initiatives.