About Group Information Security & Danske Bank
Danske Bank Group Information Security (GIS), headed by the office of the CISO, is a part of an organization that delivers excellent security and risk solutions to Danske Bank and its customers. Under GIS, the ITBRC team drives Risk Controls Assurance for the business, leveraging leading security control capabilities to mitigate risk and thereby drive trust in Danske Bank as tomorrow’s digital bank for the Nordic market. GIS teams work with complex technical challenges and develop Danske Bank’s global competitive edge on innovative risk mitigating solutions.
About the Job
The ITBRC team is part of the Group IT Security and Risk department with colleagues located in Denmark, Lithuania and India. As a Governance Lead, you will lead challenging tasks to support information governance (IG) and the Business Information Security Officers in divisions, governance over third parties, governance support for regulatory inspections and awareness of Risk Governance throughout the bank. Your work will be exciting and challenging because the Information Governance Team has been recently restructured to proactively respond to governance challenges.
We are looking for an Information Governance Lead, who will manage the Information Governance Team to support risk governance throughout the bank.
You will lead the management of governance issues and lead the daily activities of the team’s workload. The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, ISO, GDPR, SOX, etc. The successful candidate will liaise with all business groups and other stakeholders globally to support new solutions and processes as well as document and remediate outstanding issues. You will;
- Lead and manage the ITBRC Information Governance team
- Lead tracking, escalation and Governance reporting
- Lead Governance Training and Awareness
- Conduct IG audits
- Drive the development of governance principles over the regular assessment of Risk & Controls
- Proactively respond to new trends in security, information risk and governance controls automation
- Lead improvements to our overall governance, risk and compliance program
- Lead the informing of leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for the business
- Interact with business stakeholders to understand risks to effective governance over critical processes and support the definition of potential business impact
- Determine governance over potential security weaknesses and develop creative ways to tackle challenges unique to the Danske Bank business
- Maintain updated knowledge in the field of risk management and compliance to efficiently recommend governance for frameworks including NIST CSF, ISO, GDPR, SOX, etc.
- Understanding of the governance of qualitative vs. quantitative risk management and inherent vs. residual risk to support the determination, evaluation, and reporting on technology risk.
- Effectively engage Danske Bank stakeholders, business partners, and vendors to maintain an understanding of current governance over risks, new systems, and changes to the environment
- Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
- Recommend changes to foster effective governance within Policies and IT Security Standards by managing the governance over information security at the bank.
- Recommend change to guidelines for information security for alignment with the bank’s risk strategy and risk profile
- Make recommendations to improve the development and implementation of the information security programme
- Provide regular reports for management on the governance over information security programme and it’s adequacy and effectiveness
- Lead the compliance to and governance of Danske Bank security assessments
- Stay current with industry, regulatory, and legal requirements relevant to information governance, security, compliance, and privacy
- Write technical documentation in English and keep it updated
We expect you to;
What We Offer
- Have a Bachelor degree in Management of Technology, Computer Science, Mathematics , Risk Management or Information Security or equivalent, with advanced degrees preferred
- Have 5+ years’ experience in GRC implementation, processes, and practices
- Have prior experience in maintaining regulatory compliance through Risk Governance, Risk Controls Assurance, risk evaluation and controls assessments, records management, data and document classification, collaboration technologies and information lifecycle practices
- Manage a team of 3 or more individuals
- Have a experience with Industry Standards in Information Governance and experience in delivering IG training
- Have familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Risk Controls Assurance tools, ServiceNow GRC, Solix,, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies
- Have familiarity with virtualization and cloud technologies
- Have understanding of IT security principles
- Have fluent verbal and written English skills. You will be able to demonstrate excellent written and oral communication skills, have a good eye for detail and ability to manage a busy workload.
- Have two or more years, experience leading teams of more than 5 individuals with strong interpersonal, presentation or public speaking communication skills
- Have Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, CGRC (all preferred, but not required)
We offer an inspiring environment in a large IT organization with a competitive salary. Here you will find the perfect opportunity to join a growing Business Risk & Controls team and face the challenge and the opportunity to influence and shape the critical controls over bank activities.
Furthermore, you will be working in an international team, which concentrates on innovative business facing solutions.
You will find yourself working in a highly skilled team, where you will get supportive and targeted training to ensure that your skills are maintained and updated on an ongoing basis, giving you even stronger career opportunities.
The primary working location is Denmark, Lithuania or India, but with possible relocation options.
If you are interested, please upload your application and CV as soon as possible. We will be screeing and conducting interviews on an ongoing basis.
Should you have any questions regarding the position, please do not hesitate to contact Con Jan Quach via email CQ@danskebank.dk
We look forward to hear from you.
Send application and CV no later than 01.12.2019.
Danske Bank is a Nordic bank with strong local roots and bridges to the rest of the world. For more than 145 years, we have helped people and businesses in the Nordics realise their ambitions. Danske Bank has more than 19,000 employees in 16 countries around the world who serve our 3.4 million personal, business and institutional customers. In addition to banking services, we also offer life insurance and pension, mortgage credit, wealth management, real estate and leasing services.