To ogłoszenie wygasło w dniu 2016-02-25 10:58.
UBS Kraków

UBS - IT Security & Risk Expert

UBS Kraków

Opis oferty

As an IT Security & Risk Expert you will be a part of Central Risk Services Department. You will be accountable for leading IT Risk Assessment process execution. You will use threat based approach to identify, analyze and evaluate technical risks. In this role you will identify IT control gaps in infrastructure, applications and processes, evaluate the risk exposure related to the services provided by vendors, evaluate risks related with changes in infrastructure and provide recommendations.
You will actively support both Group Technology and the Business in improving overall risk assessment process and implementing most effective remediation measures. The role is located in the UBS office in Zabierzow (Krakow Business Park).


Responsibilities: • Identifying scope and assets under review
• Interviewing stakeholders to gather data about the system or service
• Preparing initial and in-depth analysis of applicable threats, vulnerabilities, controls and resulting risks (IT Risk Assessments)
• Creating risk assessments for raised exception requests
• Analyzing network infrastructure change requests and raising potential risk issues
• Analyzing IT control environment of vendors providing various IT services to the bank
• Assisting IT functional management to identify, assess and document risks to the IT environment
• Interacting with IT Management, Business and Risk Management teams across the Bank to discuss risk assessments/risk exposure to ensure accuracy and transparency across all key stakeholders
• Acting as a mentor for junior colleagues
• Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
• Participating in initiatives to improve Risk Assessment processes and tools across the company


• IT related University degree
• Minimum 6 years of experience in IT related position
• Experience in IT Security, Risk Management or Controls Assessment
• Very good written and spoken English
• Very good communication skills and ability to work in the team
• Broad IT technical knowledge and motivation to develop experience in IT security area
• Strong interest in IT Security (general security concepts, network security, access control and identity management, vulnerability management, remote access methods, external hosting practices, applications and infrastructure security principles)
• Very good analytical and problem-solving skills and attention to details
• Ability to work with multiple sources of data and identify the links between them

Additional assets:

• Experience in one or more: IT Risk Assessments, IT Audit, Penetration Testing or Vendor Assessments
• Experience in a financial institution
• Experience with industry recognized standards for IT security controls and best practices: NIST, ISO27001, ISO31000, PCI DSS, COBIT, IRAM etc.
• One or more certifications achieved: CISSP, CISA, CISM, CRISC

Metodologia pracy