Technical Information Security Officer, AVP

Role Description

• The TISO acts based on the direction of and the tasks assigned by the Divisional TISO. The TISO is typically assigned a set of Application Software Assets and associated Databases (IT aspects only), Infrastructure Software Assets, IT Services, Hardware Assets or IT Assets associated with Building / Facilities. Therefore, the TISO assumes ownership for these assets from an IT Security perspective. The TISO executes all tasks that are assigned to this role based on defined and approved rules and processes.
• The Technical Information Security Officer (TISO) is 1st Line of Defence official of Deutsche Bank who is accountable for the security of enterprise information.

Your key responsibilities

The TISOs responsibilities within the assigned CIO unit(s) comprise:

• To accept the ownership and responsibility for assigned IT assets.
• To carry out the Information Security Risk and Compliance Assessments for the assigned IT assets and processes.
• To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO.
• To support key role holders such as ITAOs and ISOs to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable information security controls for implementation. To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable information security controls.
• To approve the access control and user authorization approach of the assigned IT Assets. To execute and document periodical recertification of Access Rights in compliance with the DB Group Identity and Access Processes.
• To cooperate with key role holders such as ITAOs and Information Security Officers to put monitoring capabilities for IT Assets in place. To review the output of the monitoring jointly with the key role holders such as ITAOs, Information Security Offices and CSOs to avoid degradation of the required security level.
• To analyse and review the configuration of IT Assets and remediate gaps according to the applicable Information Security policies.
• To contribute to the Information Security Incident Management Process in the case of a security breach for their IT-Assets, if requested.
• To maintain the Information Security related documentation of assigned IT Assets in the DB Group IT Asset inventory.

Your skills and experience

• Industry experience of 6-10 years.
• Rounded knowledge and experience of all the following Information Security processes;
• Application and Infrastructure Security
• Identity and Access management
• Information Security Incident and Problem Management
• Information Security Governance for business and technology
• Information Security Risk Management
• Expert knowledge of DB Information Security Principles, Policies, and Procedures
• Profound experience in business and IT processes and respective Information Security requirements.
• Extensive experience with financial markets and institutions.
• Excellent analytical skills, flexibility regarding problem solving.
• Excellent communication skills, fluent in English and local language (written/verbal) as appropriate.
• Ability to work in fast paced environment and keep pace with technical/ operational innovation.
• Open minded, able to share information, transfer knowledge and expertise to team members.
• Keeps pace with technical/operational innovation & maintains understanding of the CIO technologies, as well as CISO service and technology offerings.

Education/Certification

• Degree in Information Security or a comparable education

• In addition, the following education/certification attainment will be beneficial:

• CISSP (Certified Information Systems Security Professional) or equivalent.

• ISSMP (Information Systems Security Management Professional).
• CISM (Certified Information Security Manager) or equivalent.