Deutsche Bank

IT Risk Engineer- Associate


Pay: Competitive
Location: Pune/Maharashtra
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: R0231151

      Job Description:

      Job Title- Associate

      Location- Pune

      Role Description

      The candidate will advise and support application development and support teams to build security-by-default when designing and developing applications or implementing new technical solutions in response to business problems. To that end, the candidate will actively participate in both RTB and CTB processes with ITAOs and application support teams in the design and maintenance of the application and its security controls and components.

      The candidate will be part of the transformation program of the company and key to internalizing the knowledge.

      The candidate should have deep knowledge of the system and application security controls under their control, in order to define their evolution, evaluate the impact of potential risks and security requirements, manage changes in application security, and collaborate in the analysis and implementation of new security initiatives and controls.

      The candidate will be integrated in the team responsible for IT risk and control management and will provide support to the following banking processes:

      • Technical Information Security Officer (TISO, TISO-D)
      • Application Security, Risk and Control Management
      • Non-Financial Risk Management.

      What we’ll offer you

      As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

      • Best in class leave policy
      • Gender neutral parental leaves
      • 100% reimbursement under childcare assistance benefit (gender neutral)
      • Sponsorship for Industry relevant certifications and education
      • Employee Assistance Program for you and your family members
      • Comprehensive Hospitalization Insurance for you and your dependents
      • Accident and Term life Insurance
      • Complementary Health screening for 35 yrs. and above

      Your key responsibilities

      Position Specific Responsibilities and Accountabilities

      An IT Risk Manager will cover the following functions within each IT Risk area:

      Technical Information Security Officer (TISO, TISO-D)

      In the role of a Technical Information Security Officer or TISO (including TISO-D), the candidate will, in accordance with the timelines and processes set forth in the KOPs, perform the following tasks using the relevant systems:

      • In cooperation with the BISOs the TISO must ensure the compliance of their IT assets as described in the Information Security Policy, including security testing and monitoring:
        • Control and Support Application Security Testing processes (coverage and compliance): dbACS, VAST, APT, IVT, EVT, Tech Refresh and Patch Compliance.
        • Regular monitoring of application security alarms, events and reports: ConMon, ArcSight, dbDAM, CyberArk, Data downloads and other local processes; and Security Incidents.
        • Lead and participate in the implementation of new application security controls and requirements (e.g. TABM, ConMon, etc.)
      • The TISO needs to coordinate with the BISOs to ensure comprehensive information security risk management coverage of their applications. The TISO will support and work together with the BISOs to perform risk assessments and compliance evaluations for their applications (coverage and remediation).
      • Implements controls for identified information security risks in the candidate's infrastructures. If this is not possible or not desired, the TISO ensures that an appropriate dispensation to accept the residual risk identified due to the lack of controls is obtained via the risk acceptance process as described in the DB Group Operational Risk Acceptance Policy.
      • Ensures that infrastructure entries regarding information security in the DB Group’s inventory of infrastructures are up to date.
      • Guarantees appropriate documentation of information security risk management in their area of responsibility. This includes major decisions, identified and assessed risks as well as risk mitigation measures.
      • Ensures the availability of significant application documentation related to Security Concepts and Access Control Models.
      • Advises the BISO of all application releases and instructs where the Information Security Policy may have been impacted (e.g. additional data feeds).

      Application Security and Risk Management

      • Helps and supports ITAOs to define access control and user authorization setup for Application support teams (DEV/L2/L3) and technical accounts (Access Models).
      • Advises and supports ITAOs regarding application access requirements and controls:
        • Standard ID Admin and Access Control tools.
        • IDAHO follow-up of coverage.
        • Continuous monitoring tools.
        • Other security requirements and controls during the development lifecycle.

      Non-Financial Risk Management

      • Risk Management processes
      • Provides support and assurance on risk analysis and compliance with risk management processes within the bank, and supports risk assessments and self-evaluations when the IT function is in scope.
      • Supports ITAOs and Finding Owners with timely remediation of IT risks and gaps.

      People Management

      • The candidates must have demonstrated proficiency in working with global and local teams, managing vendors and/or 3rd parties.
      • The candidates will be able to work in a collaborative environment.

      Your skills and experience

      Experience

      • 3 to 5 years in IT security and risk management processes.

      Education/ Qualifications

      • Degree in Engineering, Telecommunications, IT or similar.
      • English proficiency required.
      • Experience and knowledge of banking business and its operations.
      • Experience in application solutions from a technological perspective. Ability to understand key aspects of technical platforms and infrastructure, generate ideas and create effective solutions.
      • Experience with technical documentation, architectural diagrams, components, flows, use cases.
      • DevOps-oriented mind-set.
      • Person with solid technical knowledge and able to understand complex business processes and workflows.
      • Teamwork capacity with multidisciplinary teams.
      • Leadership and communication skills.
      • Ability to identify risks, resolve conflicts and plan tasks.
      • Demonstrated ability to work under pressure and meet deadlines.
      • Knowledge of methodologies in applications development (e.g. Agile).

      How we’ll support you

      • Training and development to help you excel in your career
      • Coaching and support from experts in your team
      • A culture of continuous learning to aid progression
      • A range of flexible benefits that you can tailor to suit your needs

      About us and our teams

      Please visit our company website for further information:

      https://www.db.com/company/company.htm

      Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.


      We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

      Visit Inside Deutsche Bank to discover more about the culture of Deutsche Bank including Diversity, Equity & Inclusion, Leadership, Learning, Future of Work and more besides.

  • About the company

      The bank's network spans 58 countries with a large presence in Europe, the Americas and Asia.