Job Description

:

Position Description Detalles del puesto



Role title: IT Risk and Control \xe2\x80\x93 Application Risk Manager

Profession: Technology \xe2\x80\x93 Engineering

Division: TDI IPB Technology Spain

Position role reports to: ITRC Manager Spain

Corporate Title: Assistant Vice President

Location: Pune

Number of roles required: 1

Position Description

The candidate will advise and support application development and support teams to build security-by-default when designing and developing applications or implementing new technical solutions in response to business problems. In this sense, the candidate will actively participate in both, RTB and CTB processes with ITAOs and application support teams in the design and maintenance of the application and its security controls and components.

The candidate will be part of the transformation program of the company and key to internalize the knowledge.

The candidate should have deep knowledge on systems and applications security controls under him/her control to define their evolution, evaluate the impact of potential risks and security requirements, manage changes in the application security and collaborate in the analysis and implementation of new security initiatives and controls.

The candidate will be integrated in the team responsible for IT risk and control management and will provide support to the following banking process:

• Technical Information Security Officer (TISO, TISO-D)
• Application Security, Risk and Control Management
• Non-Financial Risk Management.

Position Specific Responsibilities and Accountabilities

An IT Risk Manager will cover next functions within each IT Risk area:

Technical Information Security Officer (TISO, TISO-D)

In the role of a Technical Information Security Officer or TISO (including TISO-D), candidate will in accordance with the timelines and processes set forth in the KOPs perform the following tasks using the relevant systems:

• In cooperation with the BISOs the TISO must ensure the compliance of their IT assets as described in the Information Security Policy, including security testing and monitoring:

• Control and Support Application Security Testing processes (coverage and compliance): dbACS, VAST, APT, IVT, EVT, Tech Refresh and Patch Compliance.
• Regular monitoring of application security alarms, events and reports: ConMon, ArcSight, dbDAM, CyberArk, Data downloads and other local processes; and Security Incidents.
• Lead and participate on the implementation of new application security controls and requirements (e.g. TABM, ConMon, etc.)
• The TISO needs to coordinate with the BISOs to ensure comprehensive information security risk management coverage of their applications. The TISO will support and work together with the BISOs to perform risk assessments and compliance evaluations for their applications (coverage and remediation).
• Implements controls for identified information security risks in his/her infrastructures. If this is not possible or not desired, the TISO ensures that an appropriate dispensation to accept the residual risk identified due to the lack of controls is obtained via the risk acceptance process as described in the DB Group Operational Risk Acceptance Policy.
• Ensures that infrastructure entries regarding information security in the DB Group\xe2\x80\x99s inventory of infrastructures is up to date.
• Guarantees appropriate documentation of information security risk management in their area of responsibility. This includes major decisions, identified and assessed risks as well as risk mitigation measures.
• Ensures the availability of significant application documentation related to Security Concepts and Access Control Models.
• Advises the BISO of all application releases and instruct where the Information Security Policy may have been impacted (e.g. additional data feeds).

Application Security and Risk Management.

• Helps and supports ITAOs to define access control and user authorization setup for Application support teams (DEV/L2/L3) and technical accounts (Access Models).
• Advises and supports ITAOs regarding application access requirements and controls:

• Standard ID Admin and Access Control tools.
• IDAHO follow-up of coverage.
• Continuous monitoring tools.
• Other security requirements and controls during the development lifecycle.

Non-Financial Risk Management

• Risk Management processes

Provides support and assurance on risk analysis and compliance with risks management processes within the bank, support risk assessments and self-evaluations when IT function is in-scope.

Supports ITAOs and Finding Owners with timely remediation of IT risks and gaps.

People Management

The candidates must have demonstrated proficiency in working with global and local teams, managing vendors and/or 3rd parties.

The candidates will be able to work in a collaborative environment.

Experience

3 to 5 years in IT security and risk management processes.

Education/ Qualifications

• Degree in Engineering, Telecommunications, IT or similar.
• English proficiency required.
• Experience and knowledge of banking business and its operations.
• Experience in application solutions from technological perspective. Ability to understand key aspects of technical platforms and infrastructure, generate ideas and create effective solutions.
• Experience with technical documentation, architectural diagram, components, flows, use cases.
• DevOps-oriented mind-set.
• Person with solid technical knowledge and able to understand complex business processes and workflows.
• Teamwork capacity with multidisciplinary teams.
• Leadership and communication skills.
• Ability to identify risks, resolve conflicts and plan tasks.
• Demonstrated ability to work under pressure and meet deadlines.
• Knowledge of methodologies in applications development (e.g. Agile).

Our values define the working environment we strive to create \xe2\x80\x93 diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.

We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

Visit to discover more about the culture of Deutsche Bank including Diversity, Equity & Inclusion, Leadership, Learning, Future of Work and more besides.

Deutsche Bank