• Designing and operating an ITIL-based Security Problem Management process for Commerzbanks 1st Line of Defense;
• Identifying, analyzing and sustainably resolving recurring security weaknesses and structural issues;
• Leveraging data from SOC, incident management, vulnerability management, configuration management and other security-relevant systems to detect trends and systemic deficiencies;
• Leading root cause analyses for significant and recurring security problems;
• Coordinating cross-functional remediation activities across infrastructure, application, cyber hygiene and risk management teams;
• Tracking and validating the implementation of agreed remediation measures;
• Ensuring that lessons learned from incidents and findings are translated into durable improvements of controls, processes and architectures;
• Reducing the likelihood and impact of recurring security issues through structural and process improvements;
• Strengthening the effectiveness of preventive and detective controls across the 1st Line of Defense;
• Providing transparent KPI/KRI-based reporting on security problems and remediation status to management and the 2nd Line of Defense.

• High knowledge of ITIL Problem Management & Root Cause Analysis, including design, operation and continuous improvement of an ITIL-based security problem management process;
• Proven experience in leading structured root cause analyses (e.g. 5 Why, Ishikawa) and ensuring documentation and followup of identified causes;
• Good knowledge of Security Problem & Incident Data Analysis, including systematic evaluation of security-relevant data and incident information from 1st LoD teams, SOC / Incident Management and supporting tools (e.g. SIEM, case management, vulnerability and configuration data);
• Ability to identify recurring patterns, trends and systemic weaknesses with a focus on structural improvements;
• Experience with Cyber Hygiene & Control Effectiveness, including preventive and detective security controls (e.g. hardening, patching, identity and access management, endpoint security);
• Good knowledge of Regulatory & Risk Management(e.g. BAIT, MaRisk, DORA);
• Experience in developing, tracking and reporting KPIs/KRIs for recurring security problems and Cyber Hygiene measures;
• Ability to prepare clear decision templates and concise management reports for CISO, IT steering committees and 2nd LoD / risk management;
• Good knowledge of Governance, KPIs/KRIs & Reporting, including steering crossfunctional problemsolving activities across business, IT and security units in the 1st LoD;
• Strong skills in moderating workshops and conflict situations, ensuring alignment and driving binding decisions and implementation of measures;
• Ability to document causes, decisions and measures in a structured, auditproof manner and ensure lessons learned are available and reusable for 1st LoD operational teams.

In return, we offer:

• Good work-life balance, including 25 days annual paid leave (increasing with 1 day per year up to 31 in total), flexible working hours, work-from-home and work from abroad opportunities;
• Luxury package of additional health and dental insurance;
• Food vouchers in the amount of EUR 80 monthly;
• 6 additional annual days off for exceptional circumstances
• Employee assistance program for psychological, financial and legal consultations;
• Multisport card;
• Annual contribution of EUR 153.39 net per child for a summer camp/school/kindergarten for children up to age of 15;
• Possibilities for building career-advancing skills by covering training/certification courses and conferences based on individual learning and development needs, access to an online learning platform;
• Opportunities for long-term professional development in a stable, 150-year-old company while contributing to the vision of a new, just starting Digital Technology Center;
• Friendly and supportive multicultural environment, open to new opinions and ideas.

Commerzbank is proud to be an equal opportunity employer, committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to gender, race, color, national origin, religion, gender identity or expression, sexual orientation, genetics, disability, age, or any other characteristics.

Learning Platforms; Children Summer Camp Contribution; Employee assistance program; Food vouchers; 6 Exceptional Days Off; 25 up to 31 annual paid leave; Multisport Card; Health& Dental Insurance; Work-life balance; Work internationally

Commerzbank is a leading international commercial bank with branches and offices in almost 50 countries. The world is changing, becoming digital, and so are we. We are leaving the traditional bank behind us and we are choosing to move forward as a digital enterprise.

As part of this strategy, Commerzbank continues the expansion of its Digital Technology Center in Sofia, Bulgaria. We need motivated people who will join us on this journey and we are looking for a Security Problem Manager in our Cyber Defense and Base Services team.

Cluster Cyber Defense & Base Services provides 1. LoD activities within the Commerzbank Cyber Security Organization. In addition, to these operational topics the cluster also develops and operates a variety of security tools which are used by the operational units SOC and Threat Intelligence.

In the Cluster Organization, business analysts, engineers and product owners work together as a team. The agile methods support the team members in performing their functions by facilitating a rapid and flexible response to changing conditions and customer needs through an iterative approach and the continual development of new solutions resulting into better products, higher quality, and more efficient processes.

The team works together to ensure that valuable functionalities are provided to customers and that existing products, processes and services are developed and improved in line with customer needs. To achieve this, the team members organize their own activities, working autonomously and with full accountability. Open communication and feedback are key to adopt a fail-fast approach recognize mistakes and move forward in the right direction.

Apply now with your up-to-date CV in English!

Due to the high volume of applications, we contact only the candidates who best match the role requirements. If you do not hear from us within 14 days, please consider that we won't proceed with your application at this stage.