Overview
TDI – Information Security Analyst – AVP Jobs in Singapore, Singapore at Deutsche Bank
Title: TDI – Information Security Analyst – AVP
Company: Deutsche Bank
Location: Singapore, Singapore
Type: Full Time
Category: IT/Tech, Security
TDI – Information Security Analyst – AVP
Job :
R0364090
Full/Part-Time:
Full-time
Regular/Temporary:
Regular
Listed:
Location:
Singapore
Position Overview
We are looking for a knowledgeable Information Security Analyst to operate as a member of the Chief Security Office (CSO) Third Party Security team (TPS). As an Information Security Analyst, you will be responsible for supporting the development, execution, and maintenance of Deutsche Bank’s information security strategy and program under the management of the CSO. You will work in strategic alignment and partnership with Deutsche Bank’s Third-Party Risk Management (TPRM) program under Third Party Management (TPM).
Your key responsibilities:
Conducting Information Security Third Party risk assessments as part of the overall Third-Party Risk Management process (incl. onsite visits/reviews at our Third Parties). Review Third Party policies and evidence related to Information Security, review Third Party security gap analysis against the Deutsche Bank security requirements. Conduct risk review and business impact analysis of the identified gaps and provide comprehensive documentation of the identified gaps.
Track Third Party and services, escalate issues when necessary. Formulate remediation recommendations, and actively work with Third Parties and project managers on Information Security related findings to resolve issues as quickly as possible to help build and strengthen the relationship. Support and coordinate Third Party Information Security Review processes, track Third Parties and services, escalate issues when necessary, negotiate with Third Party, business units, and legal team on the contractual security obligations.
Assist with compliance and
risk assessment
programs which support corporate wide security programs and participate in additional key control projects related to the overall enhancement of the assessment function. Ability to provide constant
communication
with involved stakeholders (within in the Bank and outside the Bank). Provide response and necessary artifacts for Regulatory queries across all regions (globally). Supporting the team to improve the overall security control framework (e.g. new controls, enhancement of existing controls).
Ability to document and present information security risks in a clear, concise, and understandable manner at various management levels in the bank and/or to the Third Party.
Your skills
and experience:
Minimum 5 years of experience in IT Security and Information Security (both technical and organizational controls). Working
Experience with
ISO
27001 standard and current industry and agency standards, best practices and frameworks including NIST, ENISA, ISO
27001, ISO
27017, SOC2, PCI, and MITRE ATT&CK. Proven
Experience with
Cloud Security Alliance (CSA), Cloud Controls Matrix (CCM), and/or CSS Consensus Assessment Initiative Questionnaire (CAIQ). Understanding of financial regulations or guidance which impact information security (e.g.: EU Cybersecurity Act, MAS & HKMA TRM, EBA Guidelines, DORA, GDPR, NYDFS, Sox, etc.). Knowledge of technical and organizational controls regarding Information Security, and Risk Management principles. Understanding of banking/financial industry and ser…
