Job Description

Your area of work:

As part of the Cyber Protection – Detect & Prevent unit, you will join a highly skilled, geographically distributed team of cybersecurity specialists based in Eschborn, Luxembourg, Prague and Hyderabad. In this senior role, you will act as a cryptography subject‑matter expert with a strong focus on governance, policy management, risk oversight and assurance. You will contribute to the definition, evolution and oversight of Deutsche Börse Group’s cryptographic and key‑management protocols and algorithms to support the development, implementation, and evaluation of secure systems and applications, ensuring alignment with internal security frameworks and regulatory expectations. You will work closely with cybersecurity teams, application owners, Corporate IT, cloud and architecture teams to ensure robust security design, consistent policy adherence and resilience against evolving threats.

Your responsibilities:

• Maintain, review and further develop group‑wide written rules related to encryption, key management and cryptographic controls.
• Ensure policies, governance models and procedural requirements remain compliant with regulatory expectations and internal risk frameworks.
• Define clear organisational responsibilities for cryptographic measures and key‑management processes across Legal Entities and Corporate IT.
• Lead periodic guideline reviews, ensuring updates reflect new risks, standards, regulatory changes and emerging cryptographic developments.
• Define and maintain control requirements for encryption and key‑management processes, including governance expectations for PKI, certificates and key lifecycle management.
• Oversee documentation requirements for PKI architecture, certificate authorities and key/certificate registers.
• Validate that governance principles such as separation of duties, multiple‑eyes controls, and access‑management rules are correctly defined and applied.
• Coordinate assurance activities and support oversight of compliance with cryptographic governance requirements.
• Conduct and support cryptographic risk assessments, including evaluations of deviations, exceptions or compensating measures.
• Analyse the impact of cryptographic policy changes or new regulatory requirements on the organisation’s risk posture.
• Support audit readiness and act as a primary contact for internal/external auditors and regulators on cryptography governance topics.
• Oversee incident‑response processes as they relate to cryptographic key compromise, certificate issues or governance breaches.
• Provide expert guidance on the secure design and governance of cryptographic protocols, architectures and high‑level security mechanisms (TLS, IPsec, digital signatures, PKI, cloud encryption).
• Partner with Corporate IT, application teams and cloud/security architects to ensure compliant implementation of cryptographic policies and governance requirements.
• Support major projects, new product introductions and architectural changes with cryptography governance expertise.
• Engage in cross‑functional working groups focused on cryptography, secure communications and data‑protection topics.

Your profile:

• Bachelor’s or Master’s degree in Computer Science, Mathematics, Cybersecurity or a related field.
• Hands‑on experience in applied cryptography, information security, risk management or security governance.
• Strong understanding of symmetric and asymmetric cryptography (e.g., AES, RSA, ECC)., cryptographic protocols and PKI principles.
• Familiarity with key‑management systems, hardware security modules (HSMs), certificate lifecycle management and cloud security concepts (high‑level understanding; implementation performed by Corporate IT).
• Solid foundation in security governance, security architecture principles or risk management.
• Ability to communicate complex cryptographic and governance concepts clearly to both technical and non‑technical audiences.
• Strong attention to detail combined with an analytical mindset and excellent problem‑solving skills.
• Proven ability to work collaboratively in cross‑functional teams and engage effectively with diverse stakeholders.
• Proficiency in written and spoken English is required; German language skills are a strong plus.
• Highly motivated, adaptable and proactive in learning and staying current with emerging cryptographic and regulatory developments.