Your area of work:

As part of the Group Security function, you will contribute directly to Deutsche Brse Groups ICT strategy by helping safeguard the organizations information assets. Acting as a central service provider across the Group, the department ensures the confidentiality, integrity, and availability of information through robust security controls aligned with regulatory requirements and international standards such as ISO 2700x.

In this role, you will join the Information Security Risk Management team and play a key part in strengthening the ICT Risk Framework. You will focus on Cybersecurity Risk Management, partnering closely with senior stakeholders across business and technology to ensure effective risk identification, assessment, and mitigation within a highly dynamic and regulated capital markets environment.

Your responsibilities:

• Lead the development, implementation, and continuous improvement of cybersecurity risk assessment methodologies, processes, and tools
• Act as a subject matter expert in cybersecurity risk assessment and provide expert guidance to internal stakeholders
• Coordinate and conduct risk assessments for ICT assets in line with the Groups ICT Risk Strategy and policies
• Collaborate with asset owners and security teams to identify, evaluate, and mitigate cybersecurity risks
• Advise on risk treatment strategies and support the development of remediation plans
• Maintain and enhance risk scoring models, ensuring consistent application across the organization
• Prepare and present risk assessment outcomes to senior stakeholders, including risk owners and governance bodies
• Monitor regulatory developments and industry trends to ensure ongoing compliance and alignment with best practices
• Support internal and external audits, as well as regulatory inquiries related to cybersecurity risk management
• Contribute to the development of risk metrics and reporting for executive and board-level audiences

Your profile:

• Masters degree in Information Technology, Cybersecurity, Business Informatics, or a comparable field
• 8+ years of experience in ICT risk management, cybersecurity, GRC, IT audit, or related areas
• Relevant certifications such as CISSP, CISA, CISM, CRISC are considered an advantage
• Strong understanding of regulatory frameworks in the financial industry (e.g. EBA Guidelines, DORA, NIS2) and standards such as ISO 2700x or NIST
• Excellent analytical and problem-solving skills, with a structured and solution-oriented mindset
• Proven ability to work independently, with strong organizational and planning capabilities
• Outstanding communication and stakeholder management skills, with fluency in English (German is a plus)
• Proactive, curious, and collaborative personality