£20K/yr to £100K/yr
London, England
Permanent, Variable

Cyber Threat Intelligence and Vulnerability Management Specialist VP

Posted by Deutsche Bank.

Job Description:

Employer: DWS Group

Title: Cyber Threat Intelligence and Vulnerability Management Specialist (VP)

Location: London

About DWS:

Today, markets face a whole new set of pressures - but also a whole lot of opportunity too. Opportunity to innovate differently. Opportunity to invest responsibly. And opportunity to make change.

Join us at DWS, and you can be part of an industry-leading firm with a global presence. You can lead ambitious opportunities and shape the future of investing. You can support our clients, local communities, and the environment.

We're looking for creative thinkers and innovators to join us as the world continues to transform. As whole markets change, one thing remains clear; our people always work together to capture the opportunities of tomorrow. That's why we are 'Investors for a new now'.

As investors on behalf of our clients, it is our role to find investment solutions. Ensuring the best possible foundation for our clients' financial future. And in return, we'll give you the support and platform to develop new skills, make an impact and work alongside some of the industry's greatest thought leaders. This is your chance to achieve your goals and lead an extraordinary career.

This is your chance to invest in your future.

Team / division overview

Information Security is responsible for preventing IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to the organization's information systems and IT assets and intellectual property. The focus of the role is to ensure highly professional and productive procedures, policies and processes are in place, and aligned and agreed with relevant stakeholders.

Roles within Information Security may cover one or more areas of speciality:

  • Identity & Access Management (which may include, for example, authentication; access management & control; recertification etc.)
  • Information Security (IS) Operations (which may for example include, cyber threat operations; cyber forensics, protection against data leakage etc.)
  • IS Technology (which may include IS architecture, IS engineering, cryptographic services etc.).

Work includes:

  • Identifying and evaluating potential areas of Information Security threat by assessing the probability and impact, and implementing associated mitigations
  • Monitoring and contributing to the implementation of the Information Security strategy
  • Evaluating the adequacy and effectiveness of internal controls relating to Information Security risks
  • Ensuring appropriate procedures, policies and processes are in place, and aligned and agreed with relevant stakeholders
  • Developing appropriate, pragmatic strategies to deliver effective controls and Information Security management objectives and implementation across the bank
  • Managing client relationships and ensuring management focus on the Information Security agenda

Role Details:

As a

Cyber Threat Intelligence and Vulnerability Management Specialist you will

(be):

  • Lead the DWS Cyber Threat Intelligence and Vulnerability Management capability, liaising closely with the central Threat & Vulnerability Management function to provide relevant reports on threats to the sector;
  • Tailor threat intelligence to the needs of a world-leading asset management firm operating across geographical regions;
  • Provide threat intelligence to technical and non-technical stakeholders across tactical, operational, and strategic lines;
  • Identify priority vulnerabilities for expedited patching across the DWS Group estate;
  • Support the management of vulnerabilities by focusing efforts on key areas of remediation;
  • Support the DWS and Deutsche Bank CSO Incident Management team in responding to cybersecurity incidents, including log analysis as required;
  • Liaise with the Central Threat and Vulnerability Management function's threat use case factory in transforming the latest threats into detection rules;
  • Maintain, update, and supplement the existing Priority Intelligence Requirements devised specifically for DWS Group;
  • Maintain, update, and supplement the existing Collection Plan to ensure that the threat intelligence sources ingested by DWS Group fulfil business requirements;
  • Work with the global team to ingest data from wider sources into DWS systems;
  • Maintain and update the existing DWS CSO threat model;
  • Provide thought leadership on emerging cyber threats, trends, and technologies relevant to asset management;
  • Devise new threat scenarios based on both open and closed sources to capture the asset management firm's key cyber threats;
  • Track and report on physical threats to DWS Group, working closely with the global Deutsche Bank services in this area;
  • Develop new threat use cases of focus for DWS Group;
  • As required, act as a point of escalation for higher severity security incidents;
  • Provide technical expertise to support IT risk management assessments.
  • Direct the vulnerability management program, including assessments, scanning, and penetration testing;
  • Provide governance to ensure timely remediation of identified vulnerabilities by working closely with relevant IT and application teams;
  • Maintain a prioritized, risk-based approach to ensure critical issues are addressed in a timely manner

We are looking for:

  • Technical background with experience of cyber security, cyber threat monitoring, vulnerability management and incident response;
  • Exceptional relationship-building and communications skills to liaise comfortably with key internal teams in the bank;
  • Experience of cyber risk analysis in a highly regulated environment;
  • Strong analytical skills, with the ability to translate complex cybersecurity risks into business impacts;
  • Ideally, experience working in the finance sector within a cyber defence team;
  • Experience with advanced threat detection and response technologies
  • Familiarity with the MITRE ATT&CK® framework and mapping threat actors' Tactics, Techniques and Procedures (TTPs);
  • Hands-on experience with a range of enterprise security technologies, including SIEM, EDR, email defence, TIP, SOAR, and UEBA solutions;
  • Demonstrable ability to analyze cyber threats and articulate the associated risk to business stakeholders in an accessible manner;
  • Past use of threat models and analytical frameworks for investigations;
  • Experience in intelligence exchange with commercial and public organizations;Evidence of

Related

We use cookies to measure usage and analytics according to our privacy policy.