R0258179 CRO - Non-Financial Risk Management, Risk Specialist - Information Security & Technology -

Deutsche Bank
Singapore, Singapore
08 Mar 2023
23 Mar 2023
Job Function
Risk Management
Industry Sector
Finance - General
Employment Type
Full Time
Details of the Division and Team:

As a Risk specialist you join the Non-Financial Risk Management (NFRM) team in Singapore to manage Information Security risk type in the second line of defense (2LoD) function in Asia Pacific (APAC). This role reports to the Regional Head of Information Security Risk (ISR) in APAC, with NFRM being an independent risk function reporting globally to the Group Chief Risk Officer and locally to the APAC Chief Risk Officer.

Deutsche Bank applies a three Lines of Defense (LoD) model to manage its financial and non-financial risks. In this model, the second LoDs define and maintain an effective risk management framework for their risk types with minimum control standards and a related governance structure.

What we will offer you:

A healthy, engaged, and well-supported workforce are better equipped to do their best work and, more importantly, enjoy their lives inside and outside the workplace. That's why we are committed to providing an environment with your development and wellbeing at its center.

You can expect:
  • Flexible benefits plan including virtual doctor consultation services
  • Comprehensive leave benefits
  • Gender Neutral Parental Leave
  • Flexible working arrangements
  • 25 days of annual paid leave, plus public holiday & Flexible Working Arrangement

Your key responsibilities:
  • Information Security specialist should have an in-depth knowledge of Technology and Information Security in large financial institutions and managing associated risks. Maintaining subject matter expertise is critical in the current environment, based on external threats and ongoing digital and automation enhancements to the operating model. Understanding of evolving regulatory requirements on Cyber Security and impact assessment on the Bank are required.
  • Information Security Specialist needs to effectively communicate and challenge technical experts as well as senior management.
  • Supporting the Regional Head and contribute to all activities performed in APAC region as the 2LoD for Information Security risk.
  • Work with stakeholders in 1LoD to support implementation of the Information Security risk management framework. Providing an effective, independent review and challenge to ensure completeness and correctness of the Bank's risk profile.
  • Lead and contribute to control assessments and mitigation initiatives relating to ISR including dynamic Risk and Control Assessments (RCA), deep-dives, and Scenario exercises.
  • Participating in review and challenge of Information Security controls in key transformation programmes such as Cloud adoption, digitalization, and others, across the core infrastructure as well as in business lines.
  • Ensuring risks are proactively identified, reported, and managed; and contributing to adoption of advanced tools and analytical capabilities for effective risk management and reporting.
  • Developing relationships with stakeholders in NFRM (Divisional and Country Coverage, other Risk Type Controllers); in the first LoD such as Group Chief Security Office (CSO), Divisional Chief Information Security Officers (D-CISO) and Embedded Risk Teams (ERT); and with other control functions such as Compliance.
  • Working closely with the global ISR team members (in Germany, America, and UK) and contributing to regional and global projects.
  • Audit and Regulatory engagement and representing ISR in internal governance councils / committees, with Group Audit (3LoD) and regulators as required.

Your skills and experience:
  • Minimum of 5 years' experience in a risk management function within an investment bank, consultancy or large technology company advising on Information security and Technology risks.
  • Possess professional industry certifications such as CISSP, CCSP, CCSK, CISA or CISM or equivalent.
  • Proven knowledge of Cloud architecture and experience in managing Information Security and Technology risks in a Cloud set-up such as digital transformation, cloud security, migration, cloud adoption
  • Proven knowledge of relevant assessment frameworks and/or standards (e.g., ISO/IEC 27000 Series, NIST, COBIT, SOC2).
  • Proven experience and knowledge of risk management principles and regulatory guidelines and frameworks for Information Security in Asia Pacific.
  • University degree (Computer Science, Business Administration, or equivalent).

Role is required to be performed on-site at One Raffles Quay office. Relevant vaccination requirement applies

How we'll support you:
  • Flexible working to assist you balance your personal priorities
  • Coaching and support from experts in your team
  • A culture of continuous learning to aid progression
  • A range of flexible benefits that you can tailor to suit your needs
  • Training and development to help you excel in your career
  • You need to sign in to save