The Group Security department directly contributes to the Deutsche Börse Group ICT strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity and availability by enforcing ICT controls based on the relevant regulatory requirements and the international standards like ISO 2700x-series on the Information Security Management System.

Your area of work:

In this role, you will be responsible for designing, evolving, and operating technology‑enabled solutions supporting the group-wide Information and Communication Technology (ICT) Risk Management function and its processes. The role combines solution architecture, risk methodology expertise, data management, and project delivery, acting as a key bridge between risk, cybersecurity, business, and technology teams.

You will play an instrumental role in translating regulatory and risk management requirements into scalable, well‑governed GRC solutions while ensuring data quality, methodological consistency, and effective change delivery.

Your proactive mindset and strong interpersonal skills will be key to building trust and fostering collaboration with stakeholders across business and technology. You will thrive in a friendly, cooperative, and supportive environment that values initiative and teamwork.

Your responsibilities:

• Develop and maintain the solution architecture for ICT Risk Management tools, including the creation of prototypes, business/functional blueprints and requirements.


• Design, implement, and manage the ICT Risk Management solution in line with industry standards (NIST, ISO 27k, DORA) and streamline the control assessment through enterprise ready workflows and automation (OSCAL).


• Oversee the data management lifecycle for all data utilized by the ICT Risk Management process, ensuring data consistency, accuracy, and fitness for purpose.


• Lead and manage multi-disciplinary projects (including developers, PMOs, and SMEs) using an AGILE approach.


• Drive change management initiatives by creating and tracking project plans in designated tools.


• Create and maintain comprehensive documentation, including user guides and work instructions, for ICT Risk Management solutions.

Your profile:

• Master degree in Information Technology, Business Informatics or comparable education


• 8+ years of experience in GRC / ICT Risk Management solution architecture and functional design


• Solid understanding of cybersecurity domains and regulatory frameworks


• Advanced data management and analysis capabilities


• Hands‑on experience with Jira, Groovy, JSON, GitHub, and risk‑related tooling


• Experience with BI tools such as Power BI and Eazy BI is a plus.


• Strong analytical skills, critical thinking, ability to identify problems, propose and communicate solutions


• Autonomous and resilient, with strong planning and organization skills


• Exceptional communication and stakeholder management skills, both verbal and written in English (German would be considered an asset)