ICT GRC - Firewall Governance Manager

ICT GRC - Firewall Governance Manager About the Opportunity We are excited to announce the formation of a brand-new specialist team within our second-line ICT GRC (Governance, Risk, and Compliance) function. As part of this strategic expansion, we are looking for two Firewall Governance Managers and one Senior Associate to build out our network security oversight capabilities from the ground up. This is a unique opportunity for a Security Engineer or Firewall Maintainer to become the control owner and subject matter expert for network security governance across the bank’s global cloud-based firewall environment. While our first-line engineering teams manage day-to-day operations and configurations, your mission is to provide the "independent eye." You will ensure that firewall management practices meet internal policies, stringent regulatory expectations (DORA, BAIT, MaRisk), and industry best practices. This is a unique chance to join a growing team where you can help shape the framework for how we review, challenge, and guide technical controls. You’ll perform independent assurance activities and drive the continuous improvement of perimeter and segmentation security across the bank’s entire digital infrastructure. In This Role, You Will (Key Responsibilities) Define, maintain, and enhance governance controls for firewall management in line with internal policies, DORA, and BaFin requirements. Conduct second line reviews of firewall configurations, rule changes, and network segmentation to ensure compliance and risk reduction. Challenge and assess the effectiveness of first line firewall controls, including rule review, change management, and logging or monitoring processes. Oversee and document key control testing activities for network perimeter and segmentation defenses as part of the ICT control framework. Support internal and external audits, as well as regulatory reviews, by providing evidence and technical context for firewall-related controls. Maintain visibility over firewall-related risks in the ICT Risk Register, ensuring mitigation actions are clearly defined, tracked, and reported. Collaborate closely with Security Engineering and Network Operations teams on architecture changes, rule optimizations, and incident response actions involving network layers. Monitor compliance with DORA, BAIT, ISO 27001, and NIST standards related to network and perimeter security. Provide governance input and technical advisory during firewall technology lifecycle reviews, vendor assessments, and control revalidations. Contribute to ICT GRC dashboards, reports, and control testing summaries shared with the CISO Office and Non-Financial Risk Committee. What You’ll Bring (Qualifications) 4–5 years of experience in network security, firewall administration or security operations Strong understanding of enterprise firewall technologies (e.g., Palo Alto, Check Point, Fortinet, Cloudflare) and network security concepts (routing, NAT, VPN, IDS/IPS). Proven experience with firewall rule audits, configuration baselines, and security hardening practices. Familiarity with ICT control frameworks and second line assurance models. Analytical and communication skills to translate technical findings into governance and risk context. Fluency in English, additional fluency in German highly advantageous Firewall certification(s) preferred, such as: SANS SEC503 OR SEC530 OR SEC401) Checkpoint: (eg. CCSA OR CCSE OR CCSM) AWS (eg. ANS-01 OR SCS-CO2) Palo Alto What will make your application stand out: Working knowledge of EU or German financial sector regulations, such as DORA, BAIT and MaRisk. Understanding of ISO 27001, NIST CSF, or COBIT frameworks. Knowledge with Firewall Governance tools (such as Tufin, AlgoSec) is a plus You’ll Succeed If You Combine strong technical knowledge with a governance and assurance mindset. Are proactive, detail-oriented, and comfortable challenging established practices. Can bridge the ... (truncated, view full listing at source)