IT Security & Compliance Officer (f/m/d)

Your area of work:
Deutsche Börse Xetra/Eurex Operations is responsible for the day-to-day operations, deployment, and handling of applications and databases. Xetra/Eurex Operations covers the full scope of the Deutsche Börse Trading (Xetra, Eurex, etc.), Clearing and Risk systems including their infrastructure.

The Security & Governance Unit handles the interaction with the central Information Security Area, the related Application Development and IT Operation Teams. It supports in the translation of Security and Compliance Requirements into changes of operational processes. 

In this position of our team, you support our peers and colleagues to create and maintain the required documentation and processes to fulfill the IT compliance requirements, with a special emphasis on the Minimum Requirements for Risk Management (MaRisk), the Bank's Regulatory Requirements IT (BAIT) and KRITIS for Information Security (BSI).

Your responsibilities:

• Align with key stakeholders of Applications owners and IT Support Groups to analyse, define and deliver security controls to fulfil DBG standards and regulatory requirements.
• Support our IT Support Groups and development teams in understanding of requirements from regulation.
• Support the development and maintenance of comprehensive procedural & processual documentation that meet organizational and regulatory requirements.
• Support the team on document requests e.g. for audits and in respective assessments. Coordinate audit activities in terms of alignment with the affected organisational units and collect relevant documentation.
• In our team you work in proactive collaboration with units of Information Security and act as Point-of-Contact for the related tasks in the IT Product.
• Support our team performing required Risk Assessments of IT applications and platforms together with the stakeholders, and development and maintenance of related documentation.
• The team coordinates the creation and review of Guidelines, Technical Security Baselines, Processes and Procedures in line with DBG Policies and Standards and international standards of quality management, e.g. COBIT Framework.
• Work with project management to define and deliver project tasks within waterfall and agile frameworks.
• Recognize and deal appropriately with confidential and sensitive information.

Your profile:
Personal skills:

• University degree in computer science or business informatics, economics, finance, law or comparable qualification with a focus on IT.
• Good communication skills in written and spoken in English and German (minimum B2).
• High degree of teamwork, lateral thinking and problem-solving skills.
• High degree of self-organisation, flexible and self-motivated. 
• Ability to quickly learn and understand complex topics.
• Obtain and maintain a good understanding of our services, processes, organizational and regulatory landscape.
• Work experience with industry best practices and a documentation methodology with clear content in English and German, that meets the needs of the internal and external target audiences.
• Ability to meet challenging project deadlines and deliver in a fast moving and change oriented environment.
• Ability of coordination and handle tasks with an eye for prioritization.

Highly desirable:

• Knowledge of the legal and regulatory requirements relevant to Financial Market (KRITIS, BAIT), in particular about the minimum requirements for risk management (MaRisk).
• Knowledge of international IT best practices and standards applicable for IT management (e.g., COBIT, ITIL, ISO2700x, IS0 2000x or similar reference models).
• Good understanding of Infrastructure, Platform and Application security concepts & threats (Network Infrastructure, Operating Systems, Database, Middleware and Web applications hardening measures).
• Demonstrate passion and motivation for information security and a desire to learn.
• Ambitious to deliver good quality results.
• Knowledge of Office365 suite, Ticketing Systems (e.g., JIRA).