About Group Information Security & Danske Bank
Danske Bank Group Information Security (GIS), headed by the office of the CISO, is a part of an organization that delivers excellent security and risk solutions to Danske Bank and its customers. Under GIS, the ITBRC team drives Risk Controls Assurance for the business, leveraging leading security control capabilities to mitigate risk and thereby drive trust in Danske Bank as tomorrow’s digital bank for the Nordic market. GIS teams work with complex technical challenges and develop Danske Bank’s global competitive edge on innovative risk mitigating solutions.
About the Job
The ITBRC team is part of Group Information Security department with colleagues located in Denmark, Lithuania and India. As a Policy and Control Frameworks Associate, you will be assigned to very interesting tasks that includes driving increasing awareness of the policy throughout Group IT and our various business divisions. Your work will be exciting and challenging because the Policy and Control Frameworks Team will set policy over critical business processes and support important regulatory response.
We are looking for Policy and Control Frameworks Associates, who will work as part of the ITBRC team to mature the information risk policy, support regulatory response, support incident reporting to regulatory bodies, review risk scoring models and risk ranking as these relate to the Policy. The Policy and Control Frameworks Associate will assist in updating the policy with management direction and see that the Information Security Policy is operationalized and actionable.
Your work will include development and maintenance of the policy framework in accordance with ISO, NIST and other applicable industry standards, regulatory requirements and business drivers. You will strengthen the Policy and Control Frameworks by making the policy framework actionable and supporting colleagues across the bank in understanding and implementing our information security policy requirements.
You will support the management and upkeep of the Information Security Policy and you will assist with delivering training on the use of the policy.
The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc. The successful candidate will liaise with business groups and other stakeholders globally to support Policy management as a top priority, to better enable the bank’s risk mitigation objectives. You will;
- Help to maintain policies and guidance for IT risk and information security control frameworks
- Assist with the review and help to make more actionable the policy, addressing topics such as the following (some may be owned by other teams and you will support from an information security point of view):
- Information Security
- Acceptable Usage
- Access Control
- Business Continuity
- Cyber Risk
- Disaster Recovery
- Information Classification
- Physical and Environmental Security
- Security Incident Response
- Password Management
- Clear Desk
- Information Transfer
- Mobile Device
- Software Installation
- Antivirus and Malware
- Supplier Relationship
- Records Management
- Web Application Security
- Change Management
- Cloud Services
- Provide policy support to our overall governance, risk and compliance program
- Help inform leadership of issues resulting from risk analysis and determining potential revisions to the policy that are appropriate for the business
- Work closely within the ITBRC team to support policy effectiveness over potential security weaknesses and support the development of creative ways to tackle challenges unique to critical Danske Bank business processes
- Support the continued maintenance of GIS policies and IT security standards
- Stay current with industry, regulatory, and legal requirements relevant to Policy and Control Frameworks in information security, IT risk and compliance, and data privacy
- Assist with writing policy guidance documentation in English and keep it up-to-date
We expect you to have:
What We Offer
- A Bachelor degree in Management of Technology, Computer Science, Mathematics or equivalent
- 3+ years’ experience in security policy implementation, processes, and practices
- Experience with industry standards in Policy and Control Frameworks
- Knowledge of regulatory compliance through Policy and Control Frameworks, risk evaluation and controls assessments, records management, data and document classification, collaboration technologies and information lifecycle practices
- Familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Policy and Control Frameworks tools, ServiceNow GRC, Solix, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies would be advantageous
- Understanding of IT security principles
- A basic understanding of how policy relates to processes, the technology within the processes and the inter-relationship with the systems supporting the processes for the determination, evaluation, and reporting on technology risk
- Strong interpersonal and communication skills. You will be able to demonstrate excellent English written and oral communication skills, have a good eye for detail and the ability to manage a busy workload.
- Technical writing certification or experience
- Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
We offer an inspiring environment in a large IT organization with a competitive salary. Here you will find the perfect opportunity to join a growing Business Risk & Controls team and face the challenge and the opportunity to influence and shape the critical controls over bank activities.
Furthermore, you will be working in an international team, which concentrates on innovative business facing solutions.
You will find yourself working in a highly skilled team, where you will get supportive and targeted training to ensure that your skills are maintained and updated on an ongoing basis, giving you even stronger career opportunities.
The primary working location is Denmark, Lithuania or India, but with possible relocation options.
If you are interested, please upload your application and CV as soon as possible. We will be screeing and conducting interviews on an ongoing basis.
Should you have any questions regarding the position, please do not hesitate to contact Con Jan Quach via email CQ@danskebank.dk
We look forward to hear from you.
Send application and CV no later than 01.12.2019.
Danske Bank is a Nordic bank with strong local roots and bridges to the rest of the world. For more than 145 years, we have helped people and businesses in the Nordics realise their ambitions. Danske Bank has more than 19,000 employees in 16 countries around the world who serve our 3.4 million personal, business and institutional customers. In addition to banking services, we also offer life insurance and pension, mortgage credit, wealth management, real estate and leasing services.