IT Security & Governance Specialist (f/m/d)

Date: 16 Feb 2026

Location: Frankfurt am Main, DE

Company: Deutsche Börse Group

Your area of work:
The Xetra/Eurex Operations team at Deutsche Börse is central to the daily operation and management of our trading, clearing, and risk systems. Within this team, the Security & Governance Unit plays a critical role. We interface with the central Information Security department, manage IT disaster recovery and DORA-related topics, and guide our development and operations teams in translating security and compliance requirements into robust operational processes and technical solutions. In this role, you will be instrumental in creating and maintaining the necessary documentation and processes to meet key regulatory standards such as MaRisk, BAIT, DORA, and KRITIS.

Your responsibilities:

  • Align, track, and consult on the yearly review and update of XEOps documentation and procedures in line with DBG 2nd line guidelines and international best practices.

  • Consult on and support the development, change, and implementation of internal procedures, documentation, and templates, with a focus on coverage of requirements from 2nd line guidelines and procedures.

  • Prepare and deliver on reporting requests from 2nd Lines and Legal Entities regarding required controls and KPIs.

  • Advise and support the teams on IT audit evidence requests.

  • Track identified audit findings for IT assets and support the closure of procedural findings.

  • Consult on and support disaster recovery documentation and reports for IT applications and infrastructure, delivering on requirements from DORA and the DBAG Resilience Guideline.

  • Collaborate with XEOps infrastructure and application support teams on the conception and implementation of Backup & Restore concepts, addressing DORA's IT resilience requirements.

  • Act as a Point-of-Contact and collaborate with the support teams and Application Owners on tasks related to Information Security.

  • Work with IT Product teams and key stakeholders to identify, analyze, and mitigate gaps in the implementation of required security controls from Group Security and 2nd line.

  • Consult on and contribute to Risk Assessments and Risk Management of IT applications and infrastructure with relevant stakeholders and Subject Matter Experts.

  • Consult on remediation solutions for vulnerabilities and penetration test results with the IT Support Groups.

  • Report identified vulnerabilities to the responsible teams, inform managers, and track follow-up activities to ensure timely resolution.

  • Support the preparation of regular PAM reports from the Privileged Access Inventory and related Account Controls using the relevant scripts.

Your profile:

  • Knowledge of the legal and regulatory requirements relevant to the Financial Market (e.g., KRITIS, BAIT, DORA) and requirements for risk management.

  • Strong understanding of international IT best practices and standards (e.g., COBIT, ITIL, ISO 2700x) and a good knowledge of IT process design.

  • Good understanding of threats and security concepts for ICT infrastructure, platforms, and applications (e.g., network infrastructure, operating systems, databases, middleware, and web application hardening).

  • Proven knowledge of Identity and Access Management (IAM) & Privileged Access Management (PAM).

  • Programming skills (e.g., shell scripts, Python).

  • A passion for IT governance and information security, with a strong desire to learn and deliver high-quality results.

  • Proficiency with the Office 365 suite and ticketing systems (e.g., JIRA).

  • Nice to have: Security-related certifications (e.g., OWASP, CEH, CCSP, CISSP) or a willingness to acquire a major certification.

  • Nice to have: Governance-related certifications (e.g., COBIT, ITIL, NIS 2).