Job Description

:

In our department, we have the mandate to design, implement, train, and monitor the governance to ensure the confidentiality, integrity, and availability of IT assets in the group, including third parties. In addition, we apply modern Quantitative Risk Assessment Methodology to drive precise decision-making in the organisation.

We have around 50+ colleagues spread across 3 locations in Denmark, India, and Lithuania, in Technology Risk and Controls (TRC) department. We are looking for a colleague to join the Technology Risk Assessments (TRA) Service (within the TRC department). In our service, we host Security Healthcheck (SHC), Third Party Security Healthcheck (TPSHC) and Risk Profiling (RP) Business Service Offerings. SHC/TPSHC is IT controls gaps self-assessment process, where we provide tooling to complete technology risk self-assessment for internal and external IT assets. The results of the assessments are hosted with RP processes.

*Depending on your experience and knowledge we may offer you different seniority of the role.

You will:

• Work with SHC/TPSHC requests (review submitted responses to questionnaires (technology controls efficiency), validate responses, register technology risks based on results of SHC/TPSHC, peer review requests, etc.
• Be involved in all Technology Risk lifecycle stages. Mainly in the identification and assessment stages, with a focus on the most critical IT assets.
• In addition, you may be involved in RP related activities (advisory on risks mitigation plans, ad-hoc technology risk registration, technology risk register administrative activities, registered technology risks review, technology risk monitoring activities, etc.).
• While your main focus will be SHC/TPSHC requests, you might be involved in process improvement initiatives and/ or ad hoc project tasks related to TRA service.

About you:

• 1-3 years experience in IT security, Technology risk and control encompassing or equivalent (e.g. Risk management, Controls management experience)
• Working familiarity with the ISF Standard of Good Practice, NIST CSF, ISO27k, PCI DSS, or similar
• IT security control assessments experience on services, applications, infrastructure components, etc.
• Experience in Technology Risk treatment decision process (Technology Risk mitigation plans)
• An understanding of Quantitative Risk Assessment Model
• GRC (Governance Risk Compliance) tooling (preferably ServiceNow)
• Advanced English
• Great soft skills and ability to work under time pressure conditions
• Approachable, pragmatic, and smart worker
• You're a curious motivated person who is eager to collaborate with others and it's easy for you to adapt to different situations and make things happen

About Us:

Danske Bank is a Nordic bank with bridges to the world around us. For 150 years, we have supported people and businesses in releasing their potential. A career with us is an opportunity to join a community of 22,000 colleagues in a culture where we are committed to Teaming Up, Owning It and Being Open. Together, we are on a journey to transform Danske Bank into a better bank. For our customers, our employees and the societies around us.