ICT Risk Assurance Specialist

Build the future of financial markets. Build yours.

Ready to make a real impact in the financial industry? At Deutsche Börse Group, we'll empower you to grow your career in a supportive and inclusive environment. With our unique business model, driven by 15,000 colleagues around the globe, we actively shape the future of financial markets. Join our One Global Team

Want to learn more?

Who we are

Deutsche Börse Group is one of the world's leading exchange organisations and an innovative market infrastructure provider. With our products and services, we ensure that capital markets are fair, transparent, reliable, and stable. Together, we develop state-of-the-art IT solutions and offer our IT systems all over the world. Play a key role in our mission: to create trust in the markets of today and tomorrow.

Prague

Your career at Deutsche Börse Group

Your area of work:

The Chief ICT Risk Office / CISO department combines IT & IS Risk Management in the 2nd Line of Defense (LoD). Its mandate is to:

• Define ICT risk governance and framework.
• Set control objectives, review methodology, and risk assessment methodology.
• Conduct independent oversight of 1st LoD IT and IS controls.
• Monitor and report on ICT risk levels.
• Drive transformation and collaboration across the organization.

You will ensure continuous monitoring and oversight of ICT risk to provide reasonable assurance that ICT controls are properly designed, implemented, and operating effectively.

Your responsibilities:

• Plan & Prepare - Develop annual/multi-year assurance plans, define scope, and prepare workbooks with control requirements and test steps.
• Assess & Monitor - Perform Test of Design (ToD) and Test of Implementation (ToI) for ICT controls; test operating effectiveness (ToE) using inquiry, observation, inspection, and re-performance.
• Request evidence – Collect and analyze evidence (policies, procedures, system configs, logs); escalate delays when needed.
• Report & Communicate – Document observations and improvement opportunities; share preliminary results for validation; deliver structured reports with severity ratings and remediation timelines.
• Follow-up & Track – Monitor remediation progress, escalate overdue items, validate closure evidence, and update status reports.
• Continuously Improve – Enhance methodologies, templates, and processes; ensure alignment with regulatory requirements (e.g., DORA) and internal frameworks.

Your profile:

• University degree (Bachelor/Master) in IT, Information Security, Risk Management, or related field.
• Minimum 2 years of experience in IT/Information Security, ideally in internal/external audit, second-line assurance, or control implementation roles.
• Experience in the financial sector, preferably within EU-regulated environments; familiarity with BAIT, MaRisk, CSSF, and DORA is a plus.
• Strong understanding of ICT risk frameworks, control design and implementation principles, and the Three Lines of Defense model.
• Familiarity with common IT standards (CSA-CCM, COBIT, BSI Grundschutz, ITIL, ISO/IEC 27000 series).
• Professional certifications such as CISA, CISM, CISSP, CEH, or CIA are preferred.
• Ability to apply assurance techniques (inquiry, observation, inspection, re-performance) and sampling methodologies.
• High analytical skills and conceptual thinking; ability to interpret complex technical and regulatory requirements.
• Strong interpersonal and communication skills for engaging senior stakeholders.
• Experience in Cloud Security, Network Security, Vulnerability Management, Security Information and Event Management (SIEM), Privileged Access Management (PAM), Threat Intelligence, Incident Response, or related domains is an advantage.
• Excellent English (written and spoken); German is an advantage.

Why Deutsche Börse Group?

We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.

Mobility

We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.

Work environment

Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.

Health and wellbeing

We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.

Financial stability

We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.

Hybrid work

Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.

Flexible working hours

We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.

Internationality

Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.

Development

We promote individual development by offering internal development programmes, mentoring, further education and training budgets.

Contact

Recruiting Team

Take your career to the next level with us and embrace new challenges

Our Recruiting Team is looking forward to your call or e-mail.

Ready to start your career with us?

Apply now

---