As an IT Security & Risk Expert you will be accountable for leading IT Risk Assessment process execution. You will use threat based approach to identify, analyze and evaluate technical risks. In this role you will identify IT control gaps in infrastructure, applications and processes, evaluate the risk exposure related to the services provided by vendors, evaluate risks related with changes in infrastructure and provide recommendations.
The role is located in the UBS office in Zabierzow (Krakow Business Park).
• Identifying scope and assets under review
• Interviewing stakeholders to gather data about the system or service
• Preparing initial and in-depth analysis of applicable threats, vulnerabilities, controls and resulting risks (IT Risk Assessments)
• Creating risk assessments for raised exception requests
• Analyzing network infrastructure change requests and raising potential risk issues
• Analyzing IT control environment of vendors providing various IT services to the bank
• Assisting IT functional management to identify, assess and document risks to the IT environment
• Interacting with IT Management, Business and Risk Management teams across the Bank to discuss risk assessments/risk exposure to ensure accuracy and transparency across all key stakeholders
• Acting as a mentor for junior colleagues
• Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
• Participating in initiatives to improve Risk Assessment processes and tools across the company
You'll be working in the Central Risk Services Department in UBS office in Zabierzow (Krakow Business Park). Our role is to support both Group Technology and the Business in improving overall risk assessment process and implementing most effective remediation measures.
Your experience and skills
- IT related University degree
- Minimum 6 years of experience in IT related position
- Experience in IT Security, Risk Management or Controls Assessment
- Very good written and spoken English
- Broad IT technical knowledge and motivation to develop experience in IT security area
- Strong interest in IT Security (general security concepts, network security, access control and identity management, vulnerability management, remote access methods, external hosting practices, applications and infrastructure security principles)
- Experience in one or more: IT Risk Assessments, IT Audit, Penetration Testing or Vendor Assessments
- Experience in a financial institution
- Experience with industry recognized standards for IT security controls and best practices: NIST, ISO27001, ISO31000, PCI DSS, COBIT, IRAM etc.
- Industry specific professional certifications, e.g.: CISSP, CISA, CISM, CRISC
- Very good communicator and team player
- Able to work in changing environment
- Excellent analyst with problem-solving skills and attention to details
- Able to work with multiple sources of data and identify the links between them
What we offer
UBS offers talented individuals around the world a challenging, diverse and supportive working environment in which passion, commitment and hard work are valued and rewarded.
Take the next step
Fitting in at UBS means being passionate and motivated about what you do. If you like collaborating, are used to challenging others and being challenged in return, then you have the right attitude to thrive in our environment. Want to become part of our team? Apply now on www.ubs.com/polandcareers