Your area of work

As IT Governance Expert in the IT Risk & Information Domain Unit of IT Governance, Risk & Transformation (GRT) you will join the Deutsche Börse Group CIO/COO team. The position will be instrumental in shaping the future IT Risk and Information Domain Unit, directly supporting the Unit Head to achieve the intended outcomes and leading topic implementation from design to operationalisation to create sustainable solutions for the Group.

In our fast-paced and technology-driven business, we rely on IT not only to support day-to-day operations but to innovate, grow, and transform. Recognizing this critical role, we are IT Governance, Risk & Transformation (IT-GRT). A cornerstone of our organization’s technology strategy. With the motto to "safeguard, enable and optimize," our department is dedicated to ensuring that our IT infrastructure and applications, processes, and projects are secure, effective, and aligned with our business goals.

Your resonsibilities

 Lead the operationalization and continuous enhancement of the IT Risk Framework in alignment with regulatory requirements (e.g., DORA, MaRisk, AI Act) and internal governance standards.

• Maintain and evolve the IT process landscape and Internal Control System (ICS) to ensure traceability, control effectiveness, and audit readiness. Conduct regular reviews and gap analyses to identify areas for improvement in the process and control environment.
• Independently conduct and oversee IT risk assessments, including risk identification, evaluation, mitigation planning, and follow-up in complex ICT environments.
• Provide expert input to cross-functional risk and governance initiatives, particularly in the context of regulatory compliance and internal control frameworks. Derive strategic recommendations based on risk analysis and KPIs, supporting decision-making at the executive level.
• Actively support regulatory audits, internal assessments, and external reviews, including coordination of responses and evidence.
• Take ownership of change-driven special topics within IT risk and governance, ensuring timely and effective implementation of emerging or ad hoc initiatives.
• Drive the implementation of risk and governance topics with a holistic, end-to-end awareness for ICT-environments, ensuring alignment across business units, data domains, and the broader organizational architecture.

Your profile

• University degree in Computer Science, Business Administration, Information Security, or a related field.
• Minimum of 7 years of professional experience in IT Risk Management, IT Governance, or Information Security, ideally within the financial services or fund industry.
• In-depth knowledge of European and local regulatory requirements, particularly DORA, MaRisk, and relevant CSSF requirements guidelines.
• Experience in managing asset-linkages and ICT risk aggregation in enterprise-wide information domain models that comprises also modern technologies such as Cloud, AI, and Data Analytics.
• High level of independence, intellectual curiosity, and commitment to continuous improvement. Strong analytical and critical thinking skills with a proactive, hands-on, and solution-oriented mindset.
• Recognized certifications such as CGEIT, CRISC, or equivalent are preferred.
• Fluent in English; German language skills are an asset.