Logo Deutsche Börse AG

Senior Specialist IT Audit & Cyber Risk

Deutsche Börse AG

Job

  • Level
    Senior
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Frankfurt
  • Working Model
    Onsite

    • Job Summary

    In this role, you will develop risk-based assurance plans, conduct IT and IS assessments, test the effectiveness of security controls, and prepare comprehensive reports for management.

    Job Technologies

    Your role in the team

    • The Chief ICT Risk Office (CISO) combines IT & IS Risk Management in the 2nd Line of Defense. The department's mandate is to set the IT and IS (ICT) risk governance and framework, establish control objectives, control review methodology, and risk assessment methodology, conduct independent risk assurance of 1st Line of Defense ICT controls (IT and IS controls), and independently monitor and report on the level of ICT risks as well as to drive transformation and collaboration.
    • In this role, you will be part of the ICT Risk Assurance team, performing continuous monitoring and oversight to confirm that our ICT controls are well-designed, correctly implemented, and operating effectively to protect the organization.
    • Design and implement risk-based assurance plans aligned with internal and regulatory requirements.
    • Lead and execute IT & IS assurance assessments to evaluate risks across applications, infrastructure, cloud platforms, and network/security processes.
    • Ensure IT systems and processes comply with relevant laws, regulations, and standards, including DORA, MaRisk, CSSF, NIST, ISO 27000, etc.
    • Test the effectiveness of IT General Controls (ITGC) and cybersecurity controls across Access Management, SDLC & Change Management, Encryption, Third-Party Risk, Patch & Vulnerability Management, SIEM, Penetration Testing, IT Operations, and other security domains to identify gaps and improvement areas.
    • Prepare high-quality assurance reports with clear observations, identified risk, and actionable recommendations for management; effectively communicate complex technical issues to both technical and non-technical stakeholders.
    • Track and monitor remediation actions, validate closure, and ensure sustainability of corrective measures.
    • Collaborate with IT, Security teams, and other cross-functional stakeholders to provide risk insights or guidance on risk and control expectations for new and existing systems.
    • Contribute to the continuous improvement of assurance methodologies, frameworks, and processes.
    • Stay updated with emerging cyber threats, industry trends, evolving technologies, cloud risks, and changes in the regulatory landscape.

    This text has been machine translated. Show original

    Our expectations of you

    Education

    • Bachelor's or Master's degree in IT, Information Security, Risk Management, or a related field.

    Qualifications

    • Strong knowledge of IT governance and control frameworks such as COBIT, CSA-CCM, ISO/IEC 27000 series, ITIL, and relevant EU regulations.
    • Certifications such as CISA, ISO 27001 LA/LI, CISM, CISSP, CRISC are preferred.
    • Ability to identify root causes, understand cross-domain risk impacts, and translate complex technical and regulatory issues into business implications.
    • Strong communication, negotiation, and influencing skills; comfortable presenting findings and building credibility with senior stakeholders.
    • Starkes Verständnis des Drei-Linien-Modell der Verteidigung.
    • Languages: Excellent command of English (written and spoken).

    Experience

    • A minimum of 6+ years of dedicated experience in IT/ cyber audit, or second-line assurance, or cybersecurity implementation or GRC role, with a proven track record of leading complex audits/assurance reviews or implementation projects from planning to reporting.
    • Practical experience in various security domains, such as: Cloud Security, Network Security, Vulnerability Management, Penetration Testing, SIEM / SOC / CERT, Encryption, Identity & Access Management / Privileged Access Management (PAM), Software Development & Change Management, Artificial Intelligence (AI) Risk / AI Governance.
    • Experienced in audit/assurance techniques, developing risk-based testing strategies, sampling methodologies, and mentoring junior team members.

    This text has been machine translated. Show original

    Benefits

    Work-Life-Integration

    Health, Fitness & Fun

    More net

    Food & Drink

    Topics that you deal with on the job

    Job Locations

    • Location Frankfurt

      Hessen

      Germany

    This is your employer

    Deutsche Börse AG

    Deutsche Börse AG

    Deutsche Börse Group is one of the world's leading trading platforms. As a financial market organizer, the company offers a full range of services to cover the entire process: trading and clearing of securities and derivatives, netting and settlement of transactions, opening of accounts and provision of market information services.

    Description

  • Language
    English
  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance
    • Logo Deutsche Börse AG

    Senior Specialist IT Audit & Cyber Risk

    Deutsche Börse AG
    Location
    Frankfurt
    Working Model
    Onsite
    Diversity
    Open for all genders
    English Only
    English only required

    More Jobs