Cyber Risk Management Functional Lead (f/m/d)
Date: 21 Aug 2025
Location: Prague, CZ
Company: Deutsche Börse Group
The Group Security department directly contributes to the Deutsche Börse Group ICT strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing ICT controls based on the relevant regulatory requirements and international standards such as the ISO 2700x series on the Information Security Management System.
Your area of work:
In this role, you will have a unique opportunity to contribute to a growing department at the heart of a dynamic global capital markets business. As part of the Information Security Risk Management team, you will help enforce the ICT Risk Framework in close collaboration with the CISO, Group Risk, Compliance Management, and Data Privacy functions.
Your primary focus will be on Cybersecurity Risk Management, our core area of expertise. You will act as a trusted advisor to business partners and senior management, providing expert consultation on cybersecurity risk matters. In addition, you will support a variety of ICT risk-related initiatives, helping to ensure that solutions are robust, compliant with regulatory requirements and our business strategy, and aligned with industry best practices.
Your proactive mindset and strong interpersonal skills will be key to building trust and fostering collaboration with stakeholders across business and technology. You will thrive in a friendly, cooperative, and supportive environment that values initiative and teamwork.
Your responsibilities:
- Lead the development, execution, and enhancement of cyber risk assessment methodologies, processes and tooling in accordance with the ICT Risk Strategy and the related DBG policies
- Act as the subject matter expert for our cybersecurity risk assessment domain
- Coordinate and conduct risk assessments for ICT assets
- Collaborate with asset owners and security teams to identify, evaluate, and mitigate cyber risks
- Provide expert guidance on risk treatment options and support the development of remediation plans
- Maintain and evolve risk scoring models and ensure consistent application across assessments
- Prepare and present risk assessment results to senior stakeholders, including risk owners and governance bodies
- Monitor regulatory developments and industry trends to ensure compliance and relevance of assessment practices
- Support internal and external audits and regulatory inquiries related to cybersecurity risk management
- Contribute to the development of cyber risk metrics and reporting for executive and board-level audiences
Your profile:
- Master's degree in Information Technology, Cybersecurity, Business Informatics or comparable education
- 10+ years of experience in IT risk management, Cybersecurity, GRC, IT Audit or similar
- Certifications like ITIL, CISM, CRISC, CISA, PMP or similar are an advantage
- Knowledge of general legal and regulatory frameworks in the financial industry, for example DORA, NIS2, EBA Guidelines on ICT and security risk management, and industry standards like ISO/IEC 2700x or NIST
- Strong analytical skills, critical thinking, ability to identify problems and propose solutions
- Autonomous and resilient, with strong planning and organization skills
- Exceptional communication and stakeholder management skills, both verbal and written in English (German would be considered an asset)