Deutsche Börse Group is one of the largest exchange organisations worldwide. It organises markets characterised by integrity, transparency and safety for investors who invest capital and for companies that raise capital – markets on which professional traders buy and sell financial instruments according to clear rules and under strict supervision. With its services and systems, Deutsche Börse Group ensures the functioning of these markets and a level playing field for all participants – worldwide.
However, Deutsche Börse Group's products and services are by no means limited to trading “as such”: its business areas cover the entire value chain in the financial services sector, ranging from pre-IPO services and the admission of securities, through trading, clearing and settlement to custody services and other financial instruments, along with collateral and liquidity management. Additionally, the Group provides IT services, indices and market data worldwide.
Field of activity
The Eurex Clearing AG Information Security second line of defense organisation is responsible for the cyber security risk assurance program, cyber resilience, steering of IS processes, IS controls and IS compliance activities.
- You will be supporting the Eurex Clearing AG Chief Information Security Officer in a small 2nd Line of Defense unit. In collaboration with other Deutsche Börse Group functions, you develop and manage information security and risk controls.
- Support the implementation and maintenance of the information security risk assurance program, including IS control requirements consistent with ISO 27000-series based on the analysis of the threat landscape, applicable policies, standards, and regulations.
- Analyse, improve and document information security aspects in relevant business and IT processes.
- Conduct risk assessments and support reporting on material risks and further Information Security related topics as part of the quarterly reporting to the executive and supervisory boards.
- Control and assess service providers, i.e. monitor services, work products, KPIs, and controls compliance.
- Provide required evidence in audits (internal audits, ISAE reports, regulatory or customer questionnaires).
- Conduct ongoing and yearly review tasks regarding Risk Management, Outsourcing and Material Change Management.
- Support the tracking of incidents together with CERT.
- Actively and professionally engage with business operations and IT in conversations that drive adequate IS risk decisions.
- Ensure employees and third parties understand, acknowledge, and fulfil all applicable information security policy requirements.
- University degree (master or diploma) in IT or business administration or comparable education; IT knowledge is a must.
- Minimum 2 years of experience in IT security, information security risk management, or IT audit in the financial sector, preferably with a focus on 2nd LoD activities.
- Experience with information security risk management frameworks, esp. ISO 27000.
- Analytical skills and experience to understand, structure and prepare/explain complex topics; end-to-end thinking required.
- High self-responsibility & ownership; result orientation and (internal) customer focus.
- Ability to develop a full and deep understanding of the business / IT operations and related information security risks.
- Proficiency in written and spoken German and English.