About Group Information Security & Danske Bank
Danske Bank Group Information Security (GIS), headed by the office of the CISO, is a part of an organization that delivers excellent security and risk solutions to Danske Bank and its customers. Under GIS, the ITBRC team drives Risk Controls Assurance for the business, leveraging leading security control capabilities to mitigate risk and thereby drive trust in Danske Bank as tomorrow’s digital bank for the Nordic market. GIS teams work with complex technical challenges and develop Danske Bank’s global competitive edge on innovative risk mitigating solutions.
About the Job
The ITBRC team is within the Group Information Security department with colleagues located in Denmark, Lithuania and India. As a Risk Controls Assurance Associate, you will be assigned to interesting tasks supporting controls assessment, assurance testing, and determination of control gaps to increase awareness of why risk controls are important to the success of the bank.
We are looking for a Risk Controls Assurance lead who will manage the Risk Controls Assurance team and manage risk inventories and associated controls, increasing awareness of how risk controls support the success of the bank. You will manage the team that inventories controls over critical business processes and catalogues and compares them to standard controls within our governance, risk and compliance (GRC) platform.
You and your team will assess the design and operating effectiveness of the IT risk and information security controls to enable appropriate risk management and compliance with bank policy and legal / regulatory requirements. You will oversee the management and upkeep of risk controls that are maintained in the Danske Bank ServiceNow GRC controls catalogue.
You and your team will work across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc. Your team will liaise with business groups and other stakeholders globally to support internal control system management as a top priority, enabling the bank’s risk mitigation objectives. You will:
- Lead the ITBRC Risk Controls Assurance team
- Manage the team and the team’s testing against defined controls (compliance / risk assessments of systems / applications / processes / vendors / etc.)
- Oversee the ongoing development of our controls framework by managing the team as it assesses gaps in our existing controls
- Lead efforts to make business stakeholders aware of risks vs. control effectiveness over critical processes, report on the potential business impact of poor controls, and work to improve those controls
- Organize and categorize the bank's internal control practices and procedures established to create business value and minimize risk
- Lead the team as it assesses control effectiveness over potential security weaknesses and recommend creative ways to tackle challenges unique to the risk control of Danske Bank critical business processes
- Manage and promote more effective controls for the IT risks of Danske Bank stakeholders, business partners, and vendors, and help stakeholders understand why changes in business processes (when the bank introduces new systems, new technologies or new third-party services) require reassessment of existing controls and the introduction of new controls
- Manage the team and control testing as this relates to compliance to and assurance of Danske Bank security policy
- Review and oversee technical guidance for risk controls and their effectiveness in English and keep it updated
We expect you to have:
- A Bachelor’s degree in Management of Technology, Computer Science, Mathematics, Risk Management or Information Security or equivalent, with advanced degrees preferred
- 5+ years’ experience in GRC implementation, processes, and practices
- Experience with industry standards in risk controls
- Experience in delivering risk training
- Experience conducting control gap audits
- Experience with regulatory compliance through risk controls, risk evaluation and controls assessments, records management, data and document classification, collaboration technologies and information lifecycle practices
- Experience with ServiceNow GRC and response to business risks, risk controls monitoring, risk prioritization and risk control automation
- Experience or familiarity with RSA Archer, ARIS, Collibra, Informatica, Solix, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies
- Management experience of a team of 3 or more individuals
- Solid understanding of IT security principles
- Experience associating risk controls to processes, the technology within the processes and the inter-relationship with the systems supporting critical business processes to allow for the determination, evaluation, reporting and mitigation of technology risk
- Fluent verbal and written English skills. You will be able to demonstrate excellent written and oral communication skills, have a good eye for detail and the ability to manage a busy workload.
- Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
What We Offer
We offer an inspiring environment in a large IT organization with a competitive salary. Here you will find a perfect opportunity to join a growing Business Risk & Controls team and face the challenge and the opportunity to influence and shape the critical controls over bank activities.
Furthermore, you will be working in an international team, which concentrates on innovative business facing solutions.
You will find yourself working in a highly skilled team, where you will get supportive and targeted training to ensure that your skills are maintained and updated on an ongoing basis, giving you even stronger career opportunities.
The primary working location is Denmark, Lithuania or India, with possible relocation options.
If you are interested, please upload your application and CV as soon as possible. We will be screening and conducting interviews on an ongoing basis.
Should you have any questions regarding the position, please do not hesitate to contact Con Jan Quach via email CQ@danskebank.dk.
We look forward to hearing from you.
Send application and CV no later than 01.12.2019.
Danske Bank is a Nordic bank with strong local roots and bridges to the rest of the world. For more than 145 years, we have helped people and businesses in the Nordics realise their ambitions. Danske Bank has more than 19,000 employees in 16 countries around the world who serve our 3.4 million personal, business and institutional customers. In addition to banking services, we also offer life insurance and pension, mortgage credit, wealth management, real estate and leasing services.