Welcome to the team as
Specialist in ICT Risk Management (m/f/diverse)

  • Function:
    Risk / Credit / Financing
  • Location:
    Praha

Group Risk Management – Cyber Risk & Information Security (GRM-CRIS) is responsible for the group-wide management of cyber and information security risks. It ensures an adequate level of (cyber) security in Commerzbank through clearly defined roles and responsibilities within the security organization. GRM-CRIS serves as the second line of defence (2LoD) for managing cyber and information security risks across Commerzbank. GRM-CRIS establishes the ICT Policy & Control Framework, sets standards, monitors compliance, and assesses ICT risks to ensure adherence to regulatory requirements, such as the Digital Operational Resilience Act (DORA).

We are seeking a Specialist in ICT Risk Management to join our 2LoD team in Prague, contributing to robust ICT governance, risk, and compliance (GRC) processes through effective risk assessment, reporting, and policy development. As a Specialist in ICT Risk Management, you will play an important role in identifying, assessing, and reporting ICT risks, advising senior management, and enhancing Commerzbank’s security framework. Your expertise in information security and risk management will ensure a resilient ICT environment aligned with regulatory and internal standards.

Your tasks

  • Determine quantitative or qualitative indicators to measure the impact and likelihood of occurrence of weaknesses and threats.
  • Establish qualitative and quantitative measures to achieve set metrics, key performance indicators (KPI), and key risk indicators (KRI).
  • Review the risk inventory and information register of risks from other areas.
  • Define ICT and information security objectives.
  • Update ICT security policies and guidelines, as well as processes and procedures, particularly during significant changes in the cyber threat landscape.
  • Measure/monitor the implementation of security policies and guidelines.
  • Manage and monitor the ICT risk.
  • Monitor the accurate identification and classification of ICT-supported business functions and ICT assets according to the established ICT risk management framework.
  • Implement communication channels between organizational units.

Your profile

  • Completed degree in computer science or business informatics, or vocational training in IT, commercial, business, or technical fields, ideally supplemented with certifications like CISA, CISM, CISSP, or equivalent training.
  • Good knowledge of the Digital Operational Resilience Act (DORA) regulation and standards for information security and risk management (e.g., ISMS according to ISO 27001), as well as essential legal and regulatory requirements for information security.
  • Interest and/or experience in data analysis, agile working methods, project management, and digitalization processes.
  • Strong analytical, conceptual, and strategic thinking skills, along with confident appearance and assertiveness.
  • Initiative, persuasive power, readiness to perform, and teamwork skills, along with an enthusiasm for dealing with complex issues.
  • Excellent communication skills in English, written and spoken.

Our Benefits

  • 30 days of vacation
  • Employer-funded pension
  • Flexible work
  • Employee conditions
  • Digital learning
  • Diversity
  • Family & job friendly
  • Friendly work environment
  • Inspiring company culture
  • Work-life balance

The company

At the Commerzbank Digital Technology Centre Prague, we are transforming a traditional bank into a digital agile enterprise! We provide a wide range of IT solutions, including .NET and Java development and services in the area of application operation and infrastructure. As part of Commerzbank Group, we work closely with the Delivery Organisation of more than 50 different Clusters at our headquarters in Frankfurt and around the globe.

We are looking for thinkers with unconventional ideas, and in return we offer the freedom to shape your own job with your own vision and a wide range of benefits, including home office. Sounds interesting?

Contact

If you are interested, please apply via this job portal.