Dcro Technology Lead (india) Job in Deutsche Bank

DCRO Technology Lead (India)

Position Overview

Position Description

Chief Operating Office, Divisional Control & Regulatory Office (DCRO) provides services to multiple functions in the group, to deliver Deutsche Banks risk and control agenda.

The function provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient and consistent standards and policies across Technology.

DCO Technology is a dedicated risk, control and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology, Data & Innovation(TDI) organisation.

DCRO Technology department is divided across three services: Risk Assessment, Risk Management & Reporting and Information Technology (IT) Policy and Control.

The Divisional Regulatory, Risk and Control Specialist will support DCO Tech in identifying the Technology Risk Portfolio and work across COO to provide the project and programme information required to ensure the objectives are realised and to highlight where there are delivery challenges or constraints.

This role is integral in supporting the front line management in identifying, assessing/measuring risks, identifying remediation actions and monitoring risks, by performing comprehensive risk assessments of technology functions according to established process and control standards.

The role could involve participating in a variety of types of risk assessments including Deep Dives on technical subjects, Read-Across for identification of themes in other bank divisions, Review of emerging technologies, mandatory compliance assessments such as SoX, SWIFT CSP, Group ORM Risk assessments such as the RCA process or project risk assessments for the banks major initiatives as determined through the Investment Governance & Technology Strategy

The Risk & Control Specialist will work within the Risk Assessments team and closely interact with the different Risk Officers, Regional leads, 2LoD such as Non-Financial Risk Management (NFRM) and the groups frontline technology groups. This will include CIOs, development & infrastructure leads, programme managers, architects and production support areas.

Position Specific Responsibilities and Accountabilities

Performs technology risk assessments across COO Technology areas and processes, evaluating relevant inherent risks, validating controls, assessing the effectiveness of control design and operation and determining residual risk.

Performs risk assessments across many disciplines from an infrastructure, application and security perspective. This includes technology delivery, operations, security and availability controls of IT infrastructure including servers (UNIX , Windows and Wintel); Databases and Storage Arrays, Middleware, Data Centres, Network devices, Firewalls, Antivirus, Intrusion Detection Services (IDS) and Intrusion Prevention Services (IPS). Assessments also include review of controls and risks impacting the application development lifecycle (SDLC) and application operation.

Works with TDI Technology management to agree assessment findings and mitigating actions, and evaluate outcomes in terms of systemic issues requiring strategic remediation.

Influences the integration of Group Risk & Control Technology related initiatives and processes into the regional specific framework

Ensures appropriate senior management awareness/oversight of follow-up on action items to resolve identified Technology issues, e.g. OR self-assessment, independent (project) risk review, audit issue resolution

Verifies remediation concepts for critical systemic issues and monitors their execution according to plan and with quality

Design, Execute and support Regulatory & Mandatory annual compliance assessment e.g. SWIFT CSP etc.

Helping to drive the implementation of the department strategy and, in that context, drive design and implementation of our technology control framework around continuous assessment of our control environment

Driving the execution of independent reviews of risk events, identifying root causes, reviewing robust remediation plans and engaging with the business line

Engaging around the regulatory implications for technology risk, helping to drive any associated remediation keeping technology within risk appetite.

Challenging technology control weaknesses (raised from audits or other sources), and providing advice to the technology business lines for sustainable risk remediation options arising from weakness, errors and external event demands

Establishing capabilities that enable a positive risk culture and drive behavioural change

People Management

The Divisional Regulatory, Risk and Control Specialist role would require managing people directly

Experience/ Exposure

Excellent team member able to work proactive in fast paced and global environment. Open minded, able to share information, transfer knowledge and expertise to team members. Self-confident, takes initiative and ability to manage conflicts.

A strong technical background with wide knowledge of technology and application operation to investigate and assess impact of risks.

Excellent analytical and investigation skills to identify underlying technology issues and demonstrate viable solutions and problem solving

Excellent communication skills, fluent in English and local language (written/verbal) as appropriate. Ability to interface in a multicultural environment and at all hierarchy levels.

Experience of Risk Assessments / Technology and Operations Audits / IT Operations focused Control functions is beneficial but not essential, however an appreciation of risk subject matter is required.

Experience of technology design, implementation and delivery obtained in Financial Services

Experience of Emerging Technologies Robotics, Predictive Analytics, Block Chain, Mobile, Public Cloud, etc.

Experience of IT Management, Project/ Programme Management or IT Audit/ Governance to be able to deliver assessments to agreed timelines with high stakeholder engagement.

Understand Investment, Corporate and Retail Banking functions with broad-based experience in technology and operations like Payments and Swift

Keeps pace with technical / operational innovation & self starter to ensure good knowledge of COO Technology risk remediation projects.

Sound understanding of internal and external control, compliance and risk frameworks such as CoBIT; ISO standards, ITIL, etc;

Able to liaise with Senior Management and regulators on reporting of project milestones, key deliverables and credibility to obtain key stakeholder sign offs and impact of identified risks

Added advantage if there is experience of presenting and providing information to regulators on technology risks

Education/ Qualifications

• Education to degree level with relevant professional qualifications an advantage.

Certifications

Certification in at least one of the following:

• CRISC (Certified in Risk and Information System Control)
• CISSP (Certified Information Systems Security Professional) or equivalent
• CISA (Certified Information Systems Auditor) or equivalent
• COBIT, ITIL, ISO27000, 6-Sigma Green Belt Certification .

Our values define the working environment we strive to create diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

Click to find out more about diversity and inclusion at Deutsche Bank.