Job Description
We - the ODDO BHF Solutions GmbH - are a recently founded and dynamic Business solution center in Saarbrücken. As a subsidiary of the German French ODDO BHF Group we support one of the leading private banks in Europe in meeting the needs of wealthy private clients, medium-sized private clients, medium-sized companies, and institutional investors.
Our mission is to offer forward-looking solutions and a high-performance range of services, thereby and thus make a significant contribution to the overall success of ODDO BHF. ODDO BHF Solutions GmbH stands for strong collegial cohesion as well as an active appreciation of diversity, acceptance and tolerance. With our strong parent company behind us, we have ambitious goals that we would like to achieve together with you.
This position assists Compliance and Information Security in providing independent internal control evaluations, auditing, monitoring, and reviewing activities performed by the 1st line of defense, including 3rd party providers/outsourcing on regards to information security relevant domains.
This role will work to ensure ongoing information security compliance by identifying information security risks or non-compliances against the internal information security baseline, industry security standards and frameworks, relevant laws and regulations, and industry best practices. This position also assists in maintaining and developing appropriate policies, procedures, and other relevant documentation to Information Security Compliance & Audit functions and the whole organization.
Principal Responsibilities and Duties:
- Define and execute information security audit/control plans on ODDO BHF's ecosystem internally and for external suppliers/outsourcing, by identifying the control objectives in conformity with information security related standards (ISO 2700x, BSI, NIST etc.)
- Define and execute the plan for monitoring and reviewing the results of self-assessment process on a risk-based approach
- Verify the implementation status of control objectives and applicable security requirements by checking the provided evidence in support to the evaluation
- Monitor the effectiveness of the compliance evaluation processes in accordance with agreed metrics and performance measures to drive continuous improvements
- Prepare IS Compliance reports and status reports, by documenting the identified information security non-compliances
- Actively communicate to asset/process owners and other stakeholders with the goal of identifying the information security non-compliances on regards to 3rd parties suppliers/outsourcing
- Develop and maintain the policies, procedures, manuals, guidelines relevant to IS Compliance & Audit function
Qualifications and Experience
- University degree in Computer Science/ Information Security or related technical fields
- Proven track record of work experience in ISM Control System related job positions
- Knowledge and experience on information security standards such as ISO 2700x, BSI, NIST
- Experience on planning and performing technical controls, monitoring and reviewing software and hardware security, and organizational controls
- Ability to collaborate with other departments and stakeholders
Nice to Have
- Technical certifications in Information Security and IT Audit
- +3y experience in same or similar positions in Financial Institutions
- Knowledge and/or experience on information security frameworks such as SWIFT, PCI DSS, SOX, DORA
- A passion for accuracy and translating insights into a compelling narrative; able to maintain a balance between the details and the larger picture.
- A French-German working environment with flat hierarchies and open and transparent communication as well as short decision-making paths
- Start-up atmosphere with a lot of individual appreciation as well as the support and security of an established company
- Flexible working hours and the possibility of mobile working
- Room for personal and professional development
- Extensive, individual induction
- Cost coverage of a monthly ticket
- Free coffee/tea, soft drinks, fruits and food vouchers