IT/IS Risk Manager (f/m/d)

Date: 1 May 2024

Location: Prague, CZ

Company: Deutsche Börse Group

Area of work:


We are seeking an experienced IT/IS Risk Manager with a focus on the Internal Control System to join our organization. The employee will be responsible for analyzing, designing, implementing, and monitoring the internal control system within the IT departments. The candidate should have a strong background in internal controls, the ability to interpret regulatory requirements and, preferably, experience in the financial industry. Additionally, the candidate should possess strong analytical and communication skills to effectively measure control effectiveness using key performance indicators (KPIs). Within this role, the employee will support and foster the automation of controls and participate in the design of a control effectiveness dashboard within a new GRC tool.



Your responsibilities:


  • Collaborate with cross-functional teams to design and support the implementation of an effective control framework
  • Design KPIs for control effectiveness measurement
  • Analyze the existing internal control system and processes within the IT product lines to identify potential weaknesses by performing control completeness checks across our varied IT landscape (Mainframe, Windows/Unix, Cloud)
  • Regularly monitor and evaluate the effectiveness of implemented internal controls through the collection and analysis of KPIs
  • Identify control gaps and weaknesses and guide the IT colleagues in implementing remediation plans
  • Provide guidance and support to IT teams within the 1st LoD regarding internal control best practices
  • Collaborate with auditors and regulators during compliance audits and examinations



Your profile:


  • Preferably 5 years of working experience in the IT area, including knowledge of IT/IS processes and controls
  • Ability to understand IT risk management principles and frameworks (e.g., COSO, NIST)
  • Ability to analyze complex IT processes and identify risk areas
  • Experience in control design and implementation, including risk assessment, control documentation, and control testing
  • Ability to measure control effectiveness using KPIs and develop meaningful insights from data analysis
  • Knowledge of legal and regulatory documents related to IT requirements in the financial industry, for example EBA Guidelines, MaRisk, BAIT, CSSF Circulars
  • Knowledge of IT frameworks and standards (e.g., COBIT, ISO standards) or related certifications such as CISA, CRISC, CISSP, ITIL, COBIT will be beneficial
  • Analytical skills and experience to understand, structure and prepare/explain complex topics
  • Proactive approach and ability to complete tasks in a timely and accurate manner
  • Experience at a Big Four firm will be a strong plus
  • Experience with GRC tools is a plus