IT Application Owner - Assistant Vice President

ITAO, AVP

Job Description:

Job Title: ITAO, AVP

Location: Pune, India

Corporate Title: Assistant Vice President

Role Description

We are seeking an IT Application Owner to join DWS Private Markets Technology to onboard and own the SaaS based solutions to enable sustainable growth of business. You will work closely with the wider technology team and business stakeholders to ensure applications are onboarded and operated in a compliant manner to achieve the business outcomes.

• The successful candidate is expected to have at least 12-15 years’ experience in IT, preferably with Asset Management Business Applications and Processes.
• The IT Application Owner (ITAO) has sound IT risk management skills. They follow one of several possible service delivery approaches, acknowledge interference with the IT application’s life cycle and assist with incorporating the adopted approach into best practice.
• Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools.
• The ITAO is aware of the gap in the current infrastructure solutions and where industry innovations are along the maturity lifecycle. They work with application stakeholders to improve the infrastructure, ensuring compliance with the technical roadmap.
• The ITAO has a sound knowledge of development methodologies and the IT policies necessary to perform effectively in the organization, aligned to the bank’s appetite for risk.
• The ITAO acts to improve safety and security of the application, compliance with regulations, policies, and standards, enhance operational readiness, and ease maintenance of the environment for delivering change into production.
• The ITAO supports the bank’s audit function in the remediation of audit points and self-identified issues to reduce risk.
• The ITAO is responsible for producing and maintaining accurate documentation on compliance with methodologies, IT policies and IT security requirements.
• The ITAO interacts with and influences colleagues on the governance of IT platform reliability and resilience
• ITAOs will also be responsible for Application Decommissioning
• ITAOs will be driving activity that helps incidents reduction against an application
• Support compliance on all steps of SDLC process and make sure that all SDLC controls are green.
• Support the team’s role as key contact for all security controls in the software delivery process and ensure that the security controls are evidenced by driving automated evidence.
• Consult with the ITAO community, information security specialists in our CSO organization, and other infrastructure teams like the ORR/SDLC teams. 

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

• Enterprise IT Governance: Responsible for review of current and proposed information systems for compliance with the organization’s obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy
• Information security: Communicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organizational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken.
• Information content publishing: Understands technical publication concepts, tools and methods and the way in which these are used. Uses agreed procedures to publish content. Obtains and analyses usage data and presents it effectively. Understands, and applies principles of usability and accessibility to published information.
• Business risk management: Investigates and reports on hazards and potential risk events within a specific function or business area.
• Continuity management: Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans.
• Data management: Assists in providing accessibility, retrievability, security and protection of data in an ethical manner.
• Methods and tools: Provide support on the use of existing method and tools. Configures methods and tools within a known context. Creates and updates the documentation of methods and tools 

Overall Responsibilities Summary

• Ensure appropriate controls onboarded and implemented where appropriate.
• Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools.
• Manage Internal and external application audits and Audit issue remediation activities.
• Completion of regular/recurring assessments
• Timely response to audit & regulatory requirements with evidence, were compliant.
• Make sure that infrastructure is compliant and has up-to-date patches.
• Plan for Application Hardware / Software / License upgrades or migration activities to align to the compliant platforms.
• Keep up-to-date DR Test Plan and manage regular DR Tests
• Manage application capacity forecasting and monitoring.
• Manage any IT Security incidents that may occur in the application.
• Support compliance on all steps of SDLC process and make sure that all SDLC controls are green.
• Application Decommissioning
• Drive incidents reduction against an application 

Your skills and experience

• Degree-level IT and/or information security qualification, or equivalent experience in Information Security and IT Security
• Experience in Software Development Lifecycle (SDLC) - from idea to production to understand our customer journey, these mostly application owners, business ISOs and development teams
• General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ENISA, ISO27001, OWASP
• Problem-solving and analytical skills with the ability to oversee complex processes
• Ability to educate a technical and non-technical audience about various security measure
• Excellent communications skills and very service oriented and customer friendly behavior even in stressful situations
• Self-driven behavior
• Fluent in English (written/verbal) 

Preferable

• Knowledge of information security tools e.g., security scan and testing tools
• Understanding of cloud engineering and native security features to support the migration path for applications onto the cloud environment
• Firm understanding of DevSecOps and the banks shift left agenda to integrate security in the software development lifecycle as earliest as possible.
• ISO or ITAO certification (for internals only)
• Experience or knowledge of asset management industry (specifically Private Markets domain)

How we’ll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.html

We at DWS are committed to creating a diverse and inclusive workplace, one that embraces dialogue and diverse views, and treats everyone fairly to drive a high-performance culture. The value we create for our clients and investors is based on our ability to bring together various perspectives from all over the world and from different backgrounds. It is our experience that teams perform better and deliver improved outcomes when they are able to incorporate a wide range of perspectives. We call this #ConnectingTheDots.

Experience Level

Executive Level