About Group Information Security & Danske Bank
Danske Bank Group Information Security (GIS), headed by the office of the CISO, is a part of an organization that delivers excellent security and risk solutions to Danske Bank and its customers. Under GIS, the ITBRC team drives Risk Controls Assurance for the business, leveraging leading security control capabilities to mitigate risk and thereby drive trust in Danske Bank as tomorrow’s digital bank for the Nordic market. GIS teams work with complex technical challenges and develop Danske Bank’s global competitive edge on innovative risk mitigating solutions.
About the Job
The ITBRC team is within the Group Information Security department with colleagues located in Denmark, Lithuania and India. As a Risk Controls Assurance Associate, you will be assigned to interesting tasks supporting controls assessment, assurance testing, and determination of control gaps to increase awareness of why risk controls are important to the success of the bank.
We are looking for an Associate who will support the management of risk inventories and who will assist in increasing the awareness of how risk controls support the success of the bank. Your work will be exciting and challenging as you work with the team to inventory controls over critical business processes and catalogue and compare them to standard controls within our governance, risk and compliance (GRC) platform. You will assess the design and operating effectiveness of the IT risk and information security controls to enable appropriate risk management and compliance with bank policy and legal / regulatory requirements.
You will support the management and upkeep of risk controls and assist in maintaining the ServiceNow GRC controls catalogue. The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc. The successful candidate will liaise with business groups and other stakeholders globally to support internal control system management as a top priority enabling the banks risk mitigation objectives. You will;
- Be a part of the ITBRC team as a Risk Controls Assurance Associate
- Support testing against defined controls (compliance / risk assessments of systems / applications / processes / vendors / etc.)
- Support the ongoing development of our controls framework by assessing gaps in our existing controls
- Support business stakeholders to understand risks vs. control effectiveness over critical processes and support the definition of potential business impact of poor controls
- Support the assessment of control effectiveness over potential security weaknesses and support creative ways to tackle challenges unique to the Danske Bank critical business processes
- Effectively support controls for IT risks of Danske Bank stakeholders, business partners, and vendors when the bank introduces new systems, new technologies, new third-party service providers and other changes to the business environment
- Support control testing as this relates to compliance to and assurance of Danske Bank security assessments
- Write technical guidance for risk controls and their effectiveness in English and keep it updated
We expect you to have;
What We Offer
- A bachelor degree in Management of Technology, Computer Science, Mathematics or equivalent
- 3+ years’ experience in GRC implementation, processes, and practices
- Experience with industry standards in risk controls (experience in delivering training and conducting control gap audits would be an advantage).
- Experience or knowledge of regulatory compliance through risk controls, risk evaluation and controls assessments, records management, data and document classification, collaboration technologies and information lifecycle practices
- Familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Risk Controls Assurance tools, ServiceNow GRC, Solix,, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies
- Understanding of IT security principles
- Understand how controls associate to processes, the technology within the processes and the inter-relationship with the systems supporting the processes to allow for the determination, evaluation, reporting and mitigation of technology risk
- Fluent verbal and written English skills. You will be able to demonstrate excellent written and oral communication skills, a good eye for detail and ability to manage a busy workload.
- Experience within Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
We offer an inspiring environment in a large IT organization with a competitive salary. Here you will find the perfect opportunity to join a growing Business Risk & Controls team and face the challenge and the opportunity to influence and shape the critical controls over bank activities.
Furthermore, you will be working in an international team, which concentrates on innovative business facing solutions.
You will find yourself working in a highly skilled team, where you will get supportive and targeted training to ensure that your skills are maintained and updated on an ongoing basis, giving you even stronger career opportunities.
The primary working location is Denmark, Lithuania or India, but with possible relocation options.
If you are interested, please upload your application and CV as soon as possible. We will be screeing and conducting interviews on an ongoing basis.
Should you have any questions regarding the position, please do not hesitate to contact Con Jan Quach via email CQ@danskebank.dk
We look forward to hear from you.
Send application and CV no later than 01.12.2019.
Danske Bank is a Nordic bank with strong local roots and bridges to the rest of the world. For more than 145 years, we have helped people and businesses in the Nordics realise their ambitions. Danske Bank has more than 21,000 employees in 13 countries around the world who serve our 3.4 million personal, business and institutional customers. In addition to banking services, we also offer life insurance and pension, mortgage credit, wealth management, real estate and leasing services.