You will use threat based approach to identify, analyze and evaluate technical risks. In this role you will identify IT control gaps in infrastructure, applications and processes, evaluate the risk exposure related to the services provided by vendors, evaluate risks related with changes in infrastructure and provide recommendations.
You will support both Group Technology and the Business in managing those risks by advising them on implementing most effective remediation measures.
The team consists of IT security experts and IT risk analysts; therefore it will allow a successful candidate to build knowledge and expertise in the area.
The role is located in the UBS office in Zabierzow (Krakow Business Park).
What we offer:
UBS offers talented individuals around the world a challenging, diverse and supportive working environment in which passion, commitment and hard work are valued and rewarded.
Take the next step:
Fitting in at UBS means being passionate and motivated about what you do. If you like collaborating, are used to challenging others and being challenged in return, then you have the right attitude to thrive in our environment. Want to become part of our team? Apply now on www.ubs.com/polandcareers
Wymagania i obowiązki
• Identifying scope and assets under review
• Interviewing stakeholders to gather data about the system or service
• Preparing initial and in-depth analysis of applicable threats, vulnerabilities, controls and resulting risks (IT Risk Assessments)
• Creating risk assessments for raised exception requests
• Analyzing network infrastructure change requests and raising potential risk issues
• Analyzing IT control environment of vendors providing various IT services to the bank
• Assisting IT functional management to identify, assess and document risks to the IT environment
• Interacting with IT Management, Business and Risk Management teams across the Bank to discuss risk assessments/risk exposure to ensure accuracy and transparency across all key stakeholders
• Participating in initiatives to improve Risk Assessment processes and tools across the company
• Bachelor or Master degree in IT or in a related field
• Minimum 3 years of experience in an IT related position
• Experience in IT, IT Security, Risk Management or Controls Assessment
• Very good written and spoken English
• Broad IT technical knowledge and motivation to develop experience in IT security area
• Strong interest in IT Security (general security concepts, network security, access control and identity management, vulnerability management, remote access methods, external hosting practices, applications and infrastructure security principles)
• Very good analytical and problem-solving skills and attention to details
• Ability to work with multiple sources of data and identify the links between them
• Experience in one or more fields: IT Risk Assessments, IT Audit, Penetration Testing or Vendor Assessments
• Experience in a financial institution
• Experience with industry recognized standards for IT security controls and best practices: NIST, ISO27001, ISO31000, PCI DSS, COBIT, IRAM etc.
• Qualifications, both achieved or certification in progress: CompTIA Security+, SSCP, CISA, CISSP