IT Security & Governance Specialist (f/m/d)

Frankfurt am Main

Your career at Deutsche Börse Group

Your area of work:
The Xetra/Eurex Operations team at Deutsche Börse is central to the daily operation and management of our trading, clearing, and risk systems. Within this team, the Security & Governance Unit plays a critical role. We interface with the central Information Security department, manage IT disaster recovery and DORA-related topics, and guide our development and operations teams in translating security and compliance requirements into robust operational processes and technical solutions. In this role, you will be instrumental in creating and maintaining the necessary documentation and processes to meet key regulatory standards such as MaRisk, BAIT, DORA, and KRITIS.

Your responsibilities:

• Align, track, and consult on the yearly review and update of XEOps documentation and procedures in line with DBG 2nd line guidelines and international best practices.

• Consult and support the development, change, and implementation of internal procedures, documentation, and templates, with a focus on coverage of requirements from 2nd line guidelines and procedures.

• Prepare and deliver on reporting requests from 2nd Lines and Legal Entities regarding required controls and KPIs.

• Consult and support the teams on IT audit evidence requests.

• Track identified audit findings for IT assets and support the closure of procedural findings.

• Consult on and support disaster recovery documentation and reports for IT applications and infrastructure, delivering on requirements from DORA and the DBAG Resilience Guideline.

• Collaborate with XEOps infrastructure and application support teams on the conception and implementation of Backup & Restore concepts, addressing DORA's IT resilience requirements.

• Act as a Point-of-Contact and collaborate with the support teams and Application Owners on tasks related to Information Security.

• Work with IT Product teams and key stakeholders to identify, analyze, and mitigate gaps in the implementation of required security controls from Group Security and 2nd line.

• Consult and contribute to Risk Assessments and Risk Management of IT applications and infrastructure with relevant stakeholders and Subject Matter Experts.

• Consult on remediation solutions for vulnerabilities and penetration test results with the IT Support Groups.

• Address identified vulnerabilities to responsible teams, inform managers, and track follow-up activities to ensure timely resolution.

• Support the preparation of regular PAM reports from the Privileged Access Inventory and related Account Controls using the relevant scripts.

Your profile:

• Knowledge of the legal and regulatory requirements relevant to the Financial Market (e.g., KRITIS, BAIT, DORA) and requirements for risk management.

• Strong understanding of international IT best practices and standards (e.g., COBIT, ITIL, ISO2700x) and a good knowledge of IT process design.

• Good understanding of threats and security concepts for ICT infrastructure, platforms, and applications (e.g., network infrastructure, operating systems, databases, middleware, and web application hardening).

• Proven knowledge of Identity and Access Management (IAM) & Privileged Access Management (PAM).

• Programming skills (e.g., shell scripts, Python).

• A passion for IT governance and information security, with a strong desire to learn and deliver high-quality results.

• Proficiency with the Office365 suite and ticketing systems (e.g., JIRA).

• Nice to have: Security-related certifications (e.g., OWASP, CEH, CCSP, CISSP) or a willingness to acquire a major certification.

• Nice to have: Governance-related certifications (e.g., COBIT, ITIL, NIS 2).

Why Deutsche Börse Group?

We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.

Mobility

We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.

Work environment

Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.

Health and wellbeing

We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.

Financial stability

We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.

Hybrid work

Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.

Flexible working hours

We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.

Internationality

Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.

Development

We promote individual development by offering internal development programmes, mentoring, further education and training budgets.