(Closed) Dimotrans Group

Head of Information Security Compliance Evaluations (m/f/d)

  • DE
    Germany

About

Company description

ODDO BHF SE is one of the leading independent private banks in Germany. Our clients are very wealthy private investors, predominantly medium-sized companies, and institutional investors. We are committed to professional and individual advice. We hold our employees to the high standard that their work and their personality live up to this maxim.

Job description

Tasks
  • Define and execute cybersecurity audit and control plans covering ODDO BHF’s information system and ecosystem, both internally and for external outsourcings
  • Input on technical and regulatory development of ODDO BHF’s policy, procedures, standards and guidelines
  • Support in establishing the methodologies and practices required for ODDO BHF’s information security management system
  • Define cybersecurity technical scope, objectives and criteria derived from ODDO BHF’s Information Security Management System (Policies & Procedures), Key Risk Indicators, Risk-Assessment & Audit Results, based on regulatory requirements in France and Germany
  • Review target of evaluation, security objectives and requirements based on the risk profile
  • Examine compliance with cybersecurity-related laws and regulations applicable to a European Bank & Asset Manager (MaRisk, BAIT, ACPR Arrêté and Notice, EBA Guidelines, SWIFT CSP…)
  • Audit conformity with cybersecurity-related applicable standards (ISO 2700x, BSI, NIST etc.)
  • Maintain and protect the quality and integrity of documentation records
  • Align with stakeholders on remediation measures
Requirements profile

Requirements
  • Technical university degree and technical certifications in Information Security and IT Audit
  • Proven track record of work experience in the sector of financial institutions
  • Organize and work in a systematic and deterministic way based on evidence
  • Follow and practice control and auditing frameworks, standards and methodologies
  • Apply control and auditing tools and techniques
  • Analyze business processes, assess and review software or hardware security, as well as technical and organizational controls
  • Communicate, explain and adapt legal and regulatory requirements and business needs
  • Plan and conduct relationship management in a systematic and deterministic manner
  • Collect, evaluate, maintain and protect documentation
  • Collaborate with key stakeholders from business and IT in a professional manner


Contact person
Ms. Pia Johanna Erfert


Nice-to-have skills

  • Information Security
  • Germany

Work experience

  • Cyber Security Specialist
  • Security Analyst

Languages

  • English