Group Technology & Operations – IT Risk & Control Manager – VP recruitment
About Deutsche Bank
A Passion to Perform. It’s what drives us. More than a claim, this describes the way we do business. We’re committed to being the best financial services provider in the world, balancing passion with precision to deliver superior solutions for our clients. This is made possible by our people: agile minds, able to see beyond the obvious and act effectively in an ever-changing global business landscape. As you’ll discover, our culture supports this. Diverse, international and shaped by a variety of different perspectives, we’re driven by a shared sense of purpose. At every level agile thinking is nurtured. And at every level agile minds are rewarded with competitive pay, support and opportunities to excel.
About Group Technology and Operations
The strength of technology and operations is present in everything we achieve. Delivering tailored information technology and seamless transaction solutions is essential to Deutsche Bank’s global resilience. Pioneering technologies and reengineering processes, we combine exceptional levels of innovation with world-class client service. Our division designs and develops the systems, software and solutions that make millisecond transaction times cost-effective and reliable. Every second, we face the technological and logistical challenges implicit in growth, market change and constant competition. Active in over 50 countries and employing around a fifth of our total staff, Group Technology and Operations enfolds three crucial business areas.
Technology is responsible for the development, implementation and maintenance of leading-edge software applications. They create the core systems that process trades, assess risk and deliver data. Operations encompasses the people and processes that back up global deal-making. Every day, they make sure that billions of trades are settled, risk is minimized and clients are satisfied. Infrastructure provides global data centers, networks and services that are reliable, cost effective and scalable across all divisions. GTO is a known catalyst for change within our global Bank. We pride ourselves in our creativity, courage, adaptability and strategic vision. Maybe that’s why our unique processes have been recognized by a number of industry awards. Our primary task is to make the Bank efficient and responsive today, while building the foundation to meet the demands of tomorrow.
Position summary:
The IT Risk Control Manager is responsible for the strategy formulation, design and execution of risk control activities such as Operational Risk Programmes and legal/regulatory programmes (e.g. SOX). The IT Risk Control Manager evaluates and agrees with senior management on the risk appetite and derived scope and depth of risk and control programmes. Where appropriate, IT Risk Control Managers may manage and oversee remediation projects as a member of the respective Steering Committee. IT Risk Control Managers liaise with Group Audit and other central functions on a management level. This role also fulfills the role of Divisional Operational Risk Officer (DORO), Chief Business Information Security Officer (Chief BISO) and Global Audit Resolution Manager (GARM) by representing these areas on the correlating Group Committees (e.g. Group Operational Risk Mgmt Committee, etc.).
Job responsibilities:
• Designs and facilitates overall Risk Control Team processes. Influences the integration of Group Risk Control initiatives and processes into the specific framework.
• Demand evaluation and overall design of risk and control programmes in line with the defined risk control strategy and risk appetite.
• Influences and designs assessments, assessment execution processes and related oversight processes for internal/external audits and/or execution of legal/regulatory or Group programmes, e.g. SOX IT, Gatekeeper.
• Monitor progress of completion of these initiatives and serve as escalation/conflict resolution point.
• Spearheads independent reviews, prioritizes identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well as the strategically optimal resolution (patch vs. root cause remediation up/downstream).
• Ensures appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. OR self-assessment, independent project risk review, audit issues.
• Develops strategy and designs a framework to proactively manage OR loss collection, lessons learned, risk acceptance and New Product Approval process. Advises strategic projects and requestors on options and the process.
• Design frameworks to proactively manage internal/external audit processes. Proactively manages regulatory and legal audits, and plans preparation and remediation in cooperation with central functions.
• Verify remediation concepts for critical and systemic issues and monitor their execution according to plan and with quality.
• Pre-empt changes in the legal/regulatory environment and support and advise senior management of potential impacts.
• Enhancement and roll out of the regulatory governance framework regionally and ensure global consistency.
• Maintain tracking system and centralized data repository of all regulatory requests, responses, and remediation efforts.
• Develop and regularly produce reports and regional heat maps based on regulatory activities. Correlate with global heat maps and produce regulatory intelligence reporting, aligned with global reporting.
• Develop, monitor and review the KPIs and KRIs defined for regulatory compliance.
• Influence IT risk control-related policies/standards, methodologies and provide feedback. (Co-) Design implementation measures and oversee their implementation.
• Acts as an escalation and conflict resolution point of contact, as well as a point of contact for central functions or parties outside DB (e.g. Regulators).
Candidate requirements:
• 10+ years financial services/banking industry experience.
• Demonstrable proficiency in the protocols for interfacing with regulators, with a good understanding of the regulators’ role as it relates to the banking system.
• Relevant experience (or comparable track record) in risk and compliance management.
• Expert knowledge in a minimum of two and experience in all of the following fields: operational risk management, regulatory programme management, information security, data protection, quality management (CMMI, COBIT or ITIL or 6-Sigma) or IT development.
• Excellent analytical skills to evaluate root cause, optimal resolution point and portfolio analysis.
• Excellent influencing and conflict management skills in a multi-cultural and globally matrixed organization.
• Excellent at translating very complex topics into clear and crisp messages/visions and strategy.
• Fluent in English (written/verbal).
• Master’s degree from an accredited college or university (or equivalent).
• CISSP (Certified Information Systems Security Professional) or equivalent.
• CISA (Certified Information Systems Auditor) or equivalent.
• 6-Sigma Green Belt (Minimum) – Black Belt (Preferred).
• Proficiency with presentation, analysis, communications tools and facilities such as MS Office products, Visio, audio/video conferencing, web presentations, SharePoint.
• Credit Market risk exposure a plus.
Deutsche Bank is an equal opportunity employer who seeks to recruit and appoint the best available person for a job regardless of marital status, sex (including pregnancy), age, religion, belief, race, nationality and ethnic or national origin, color, sexual orientation or disability.
See more at db.com/careers