• Coordinating incident response activities across all geographic regions, including communication and collaboration with internal and external stakeholders to promptly mitigate security incidents.
• Ensuring compliance with regulatory requirements and international security standards, particularly the specific requirements of the banking environment (e.g., BaFin, GDPR, PCI DSS, DORA, etc.).
• Continuously improving incident response strategies and processes based on the latest threat and attack patterns, including the implementation of automation solutions for incident handling.
• Monitoring and analyzing threat landscapes and identify potential security gaps and vulnerabilities.
• Conducting simulations and security exercises to prepare the team and the organization for potential incidents and enhance responsiveness.
• Preparing reports and analyses on incidents, their impact, and the measures taken, and presenting the results to senior management and regulatory authorities.
• Working closely with the IT department, risk management, the legal department, and external security service providers to ensure all security incidents are handled appropriately and efficiently.

• At least 5 years of professional experience in IT security, with a minimum of 2 years in security incident management, preferably in a banking environment or a highly regulated industry.
• In-depth knowledge in the areas of IT security, risk management, and threat analysis, with specific expertise in handling security incidents in the banking sector.
• Experience with regulatory requirements and security standards such as BaFin, GDPR, PCI DSS, ISO 27001, NIST, DORA, and other relevant regulations.
• Strong problem-solving skills and the ability to remain calm and focused in stressful and complex situations.
• Excellent communication skills and the ability to convey complex technical information to non-technical stakeholders.
• Business fluent in English.
• Certifications such as CISSP, CISM, CISA, GIAC, or similar are advantageous.

In return, we offer:

• Good work-life balance, including 25 days annual paid leave (increasing with 1 day per year up to 31 in total), flexible working hours, work-from-home and work from abroad opportunities;
• Luxury package of additional health and dental insurance;
• Food vouchers in the amount of EUR 80 monthly;
• 6 additional annual days off for exceptional circumstances
• Employee assistance program for psychological, financial and legal consultations;
• Multisport card;
• Annual contribution of EUR 153.39 net per child for a summer camp/school/kindergarten for children up to age of 15;
• Possibilities for building career-advancing skills by covering training/certification courses and conferences based on individual learning and development needs, access to an online learning platform;
• Opportunities for long-term professional development in a stable, 150-year-old company while contributing to the vision of a new, just starting Digital Technology Center;
• Friendly and supportive multicultural environment, open to new opinions and ideas.

Commerzbank is proud to be an equal opportunity employer, committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to gender, race, color, national origin, religion, gender identity or expression, sexual orientation, genetics, disability, age, or any other characteristics.

Learning Platforms; Children Summer Camp Contribution; Employee assistance program; Food vouchers; 6 Exceptional Days Off; 25 up to 31 annual paid leave; Multisport Card; Health& Dental Insurance; Work-life balance; Work internationally

Commerzbank is a leading international commercial bank with branches and offices in almost 50 countries. The world is changing, becoming digital, and so are we. We are leaving the traditional bank behind us and we are choosing to move forward as a digital enterprise.

As part of this strategy, Commerzbank continues the expansion of its Digital Technology Center in Sofia, Bulgaria. We need motivated people who will join us on this journey and we are looking for a Security Incident Responder in our Cyber Defence and Base services team.

Apply now with your up-to-date CV in English!

Due to the high volume of applications, we contact only the candidates who best match the role requirements. If you do not hear from us within 14 days, please consider that we won't proceed with your application at this stage.