Head of Threat Intelligence and Threat Hunting

Tracing its origins to 1585, Deutsche Börse Group has become one of the world’s leading exchange organisations and an innovative market infrastructure provider. In this role, we provide investors, financial institutions and companies access to global capital markets. What’s your part in all this? With your commitment you contribute to the success of our unique business model: offering a wide range of products, services and technologies for security, transparency and integrity on the markets. By creating trust in the markets of today and tomorrow we foster growth and contribute to the prosperity of future generations.

Your career at Deutsche Börse Group

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System. 

Area of work:

Reporting to the Head of Cyber Defense, you will lead Threat Intelligence and Threat Hunting unit, accountable for providing regular cyber and geo-political threat intelligence (TI) updates to senior management, and support Group Security management in board-level presentations, emphasizing effective collaboration with internal stakeholders. Daily interactions occur with senior individuals across Deutsche Börse Group’s global businesses, and engagement extends to government agencies, financial organizations, and cybersecurity communities to exchange information and best practice. 

Operating strategically and globally, the role ensures TI policies adapt to diverse business landscapes and evolving cyber threats. Tactically, focus lies on current and imminent cyber threats, entailing the development and fine-tuning of threat detection and response mechanisms. Operationally, the role manages day-to-day TI activities, guiding the team in real-time data analysis and ensuring timely responses to threats, aligning activities with strategic and tactical goals. As a line manager, people management must be an integral part of your agenda. You are expected to actively work on your teams’ and team member’s personal development by proposing development measures and creating visibility for talent. As part of the Group Security Leadership team, you will be tasked to make an effective contribution towards increasing the team’s diversity.

Your responsibilities:

• Accountable for developing and implementing Deutsche Börse Group’s global threat intelligence (TI) strategy.

• Assess global threat trends and formulate high-level policies for long-term TI vision.

• Oversee the development of real-time threat detection and response mechanisms.

• Conduct regular risk assessments and devise specific countermeasures for imminent cyber and geo-political threats.

• Direct day-to-day threat intelligence activities, ensuring real-time monitoring and analysis of data.

• Lead and mentor a diverse team of TI professionals, fostering a collaborative workforce.

• Engage with internal and external stakeholders for information sharing and joint initiatives.

• Provide clear and concise reports on current threats to global senior management.

• Execute key operational decisions with high impact on attacks and threats, incorporating intelligence for enhanced proactive and reactive operations.

Your profile:

• University degree in Information Systems, Political Science, or a related field.

• 5+ years of work in TI role with management/project experience.

• Excellent people management skills, experience of managing international teams.

• In-depth knowledge of relevant legal and regulatory frameworks in the financial industry (e.g., MaRisk, BAIT, German BSI IT-Grundschutz, CSSF circulars) and industry standards.

• Ability to translate regulatory requirements into operational plans and actions.

• Solid knowledge and understanding of cyber technologies, processes, and methodologies (e.g., SIEM, IDS/IPS, threat analysis, incident response, forensics analysis, MITRE ATT&CK).

• Deep understanding and experience with dark web intelligence gathering, as well as applying the gathered intelligence in the context of a dynamic and fast-paced investigation.

• Expertise with tools that enable threat intelligence collection, analysis, and research.

• Excellent analytical skills, creativity, critical thinking, ability to identify and present problems and to propose solutions.

• Proficiency in written and spoken English and German.