Senior Application Security Technical Risk Assessor

Job Description

Do you have a strong technical background Do you have proven knowledge in the area of Cyber and Information Security Do you have knowledge of Technology Risk Management We re looking for a Senior Application Security Technical Risk Assessor to join the Risk and Oversight team within the Cyber and Information Security Services organization led by the Group Chief Information Security Officer to: Perform independently high-quality and high-integrity Cyber and Information Security technical risk assessments, root cause analysis, risk investigations, secure architecture reviews on applications IT and Cloud architectures, technology stacks and related business projects, based on current cyber threats landscape and emerging risks. Perform deep dives and thematic reviews into bank s Cyber and Information Security capabilities and services affecting the security of business applications used in the bank, drawing conclusions on the overall risk posture of specific business applications clusters. Proactively and constructively challenge the status quo identifying Cyber and Information Security operational risks in business applications, proposing realistic remediation or improvement solutions while understanding potential tradeoffs and minimizing risks, always having an attacker perspective in mind. Be the trusted technical partner in Cyber and Information Security for business applications owners, the respective agile IT development teams and supporting functions (e.g. project managers, business analysts), being the advocate of the security risk culture during the Software Development Lifecycle. Streamline and standardize the application security risk assessment process by facilitating reusability of information and knowledge accumulated over time in the team, thus being able to produce risk assessments quickly, in a fast pace environment. Be open in learning data analytics techniques and manage data sets to integrate objective data analytics insights into the risk assessment process to produce high quality deliverables.Your Career ComebackWe are open to applications from career returners. Find out more about our program on ubs.com/careercomeback .Your teamYou ll be joining the Risk and Oversight team within the Cyber and Information Security Services organization led by the Group Chief Information Security Officer. You ll be working with team members located across the globe, while reporting into the Head of Cyber Security Risk Assessments based in Zurich, and will work on uplifting the application security risk assessments vertical. Cyber and Information Security Services is the single point of contact and recognized subject matter expert for all matters related to Cyber and Information Security in the bank., Substantial experience in application security technical risk assessments and management, with a focus on IT and Cloud architectures, technology stacks and digital aspects, particularly: Degree in Computer Science, Computer Engineering, Electrical Engineering, Information Security or related discipline. Strong technical expertise in application security and related areas like network security, database security, cloud security, infrastructure and system hardening, security architectures, technical security controls implementations. Ability to judge effectiveness of secure design of technical IT architectures of business applications against threats and risk scenarios. Strong technical expertise in security controls allowing business applications to operate securely (e.g. SAST, DAST, Penetration Testing, Vulnerability Scanning). Strong technical knowledge and passion for enabling technologies and code to operate securely (e.g. new business applications, Cloud, Secure Software Development Lifecycle, DevOps). Strong knowledge of application security frameworks (e.g. NIST 800-53, NIST SSDF, OWASP) and operational threat management frameworks (e.g. MITRE ATT&CK). Exposure to technology and Information and Cyber Security regulatory requirements balancing compliance with pragmatic risk management skills. Very welcome candidates with experience in offensive security, secure application development and testing or operational security role with the desire of shifting toward technical risk management role, while maintaining technical skills and knowledge of security technologies as the core of their expertise. Welcomed industry recognized certifications like CISSP, CCSP, CISM, CISA, OSCP, SANS etc. Strong problem solving and analytical skills mixed with a structured but pragmatic attitude. Team player with the ability to work independently and take initiative in order to organize, manage and complete projects and deliverables within tight deadlines. Persuasive oral and effective written presentation and reporting skills. Please note that risk assessment reports writing is an integral part of the role.

Keyskills :
software development life cycleroot causeroot cause analysis