Field of Activity
The Information Security department, as a service provider for DBG's product organization and the First Line of Defense of Deutsche Börse Group, is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity and availability. Information Security risk management tasks and procedures are based on the requirements published in the ISO 27000 series of standards (information security management systems).
Tasks/Responsibilities
- Provide guidance for deployment of Infrastructure Security technologies & processes, especially in the area of Distributed Systems and Databases
- Ensure daily operational duties related to security management in compliance with relevant policies and industry best practices
- Recommend appropriate controls to maintain confidentiality, integrity and availability of systems/services and to fulfil the requirements of the regulators
- Provide effective support service for implemented security controls, potentially including on-call duties; deliver a first-class level of service at all times
- Organise the review of information systems for actual or potential breaches in security according to the current threat landscape
- Develop and improve security solutions for privileged access monitoring and prevention in the area of database security and ensure the fulfilment of regulatory requirements
- Develop information security procedures, standards, baselines and guidelines in line with international standards of quality management
Qualifications/Required skills
- University degree in Computer Science or relevant discipline
- At least 5 years of experience in a large-scale online technical operations environment
- Excellent understanding of Oracle, MySQL, PostgreSQL, MSSQL, DB2 security concepts & threats
- SQLI, database access control
- Very good knowledge of systems & applications security concepts
- Experience with System and Database security tools (IBM Guardium, Imperva, Sherlock, ...)
- Security-related certification (CCSP, CISSP, CASP, Security+, GSEC or equivalent) or willingness to acquire one major certification within one (or two) years is highly desirable
- Excellent understanding of Linux, Solaris, Windows, z/OS security concepts & threats is an asset
- Awareness of ISO 27001 is an asset
- Programming and scripting skills are a plus
- Effective organizational skills to maintain a consistently high standard of operations in a business-critical financial environment
- Excellent troubleshooting skills and a proven documentation methodology
- Ability to quickly understand new threats and technical concepts
- Demonstrate passion and motivation for information security and a desire to learn
- Excellent English language communication skills (verbal and written). French and/or German is an asset