Information and Cyber Security Technical Risk Assessor

Job Description

Do you have a strong technical background Do you have proven knowledge in the area of Cyber and Information Security Do you have knowledge of Technology Risk Management We re looking for a Technical Risk Assessor to join the Risk Assessments and Metrics team within the Chief Information Security Office department of UBS to: Perform technical risk assessments in the area of Information and Cyber Security based on current cyber threat landscape. Perform deep dives and thematic reviews into bank s Information and Cyber Security capabilities and services drawing conclusions on the overall risk posture of a specific security vertical. Proactively and constructively challenge the status quo identifying operational risks, proposing realistic remediation or improvement solutions while understanding potential tradeoffs and minimizing risks. Be the trusted technical partner for Information and Cyber Security stakeholders in a highly federated environment, being the advocate of the risk culture. Streamline and standardize the technical risk assessment process by facilitating reusability of information and knowledge accumulated over time in the team, thus being able to produce risk assessments quickly, in a fast pace environment. Interface with data analytics teams to integrate objective data analytics insights into the risk assessment process to produce high quality deliverables.Your teamYou ll be joining the Chief Information Security Office, specifically working in the Risk Assessments and Metrics team. You ll be working in Poland and will work on a range of topics related to Information and Cyber Security and technical risk management. We are the single point of contact and recognized subject matter expert for all matters related to Cyber and Information Security., Substantial experience in technical risk management in Information and Cyber Security, with a focus on technologies and digital aspects, particularly: Degree in Computer Science, Computer Engineering, Electrical Engineering, Information Security or related discipline. Strong knowledge in multiple areas like network security, database security, cloud security, application security, infrastructure and system hardening, technical security controls implementation and ability to judge effectives of security control implementation against threats and risk scenarios. Strong technical expertise in one or more areas among Data Protection, Identity and Access Management and Cyber Security. Strong technical knowledge and passion for enabling technologies to operate securely (e.g. Cloud). Strong knowledge of both Information and Cyber Security risk management and control frameworks (e.g. ISO27001, NIST CSF) and operational threat management frameworks (e.g. MITRE ATT&CK) Exposure to technology and Information and Cyber Security regulatory requirements balancing compliance with pragmatic risk management skills. Very welcome candidates with experience in offensive security or operational security role with the desire of shifting toward technical risk management role, while maintaining technical skills and knowledge of security technologies as the core of their expertise. Welcomed industry recognized certifications like CISSP, CCSP, CISM, CISA, OSCP, SANS etc. Preferred understanding of the financial industry and especially of control and business enabling functions (e.g. Technology Risk, Operations, etc.). Strong problem solving and analytical skills mixed with a structured but pragmatic attitude. Team player with the ability to work independently and take initiative in order to organize, manage and complete projects and deliverables within tight deadlines. Persuasive oral and effective written presentation skills.

Keyskills :
security riskdata analyticscyber securitycloud securitynetwork securitytechnical skillsaccess managementdatabase securitythreat managementsecurity controlsinformation security