Cyber and Technology Risk Controller
Job Reference #
You will be overseeing cyber and technology activities in Group Technology and the wider UBS organization with the following goals/activities:
- Oversee and challenge implementation of the bank’s Operational Risk Framework processes in the divisions and CC functions
- Closely liaise with relevant peers in C&ORC in order to ensure that cyber and technology related activities are understood, owned, managed and properly reflected in Risk Appetite Statements and business-owned Risk and Control Self Assessments.
- Analyze and review IT control deficiencies, risks and issues and provide independent assurance by conducting thematic reviews or providing ad-hoc risk assessments
- Interface and partner with 1LoD (especially Technology Risk Management and Divisional Information Security Officers) to ensure risks are managed to the firm's risk appetite articulated by Taxonomies 7 and 10 and the Risk Appetite Statements.
- Oversee and challenge operational risks introduced by change initiatives, especially by actively providing subject matter expertise to the New Business Control process
- Continuously improve awareness about global risk and security management frameworks, policies and processes with C&ORC, Group Technology and the wider UBS organization
- Support IT and the business in providing challenge on ORI writing quality and reviewing evidence packs of significant ORIs or Audit Issues prior to closure.
- Follow up and promptly report on material issues and escalations, as required
The mandate of C&ORC CC Cyber and Technology Risk is to ensure that all compliance, conduct and operational risks related to cyber and the introduction and management of information technology used across the firm are understood, owned and managed to the firm’s risk appetite. The information technology may be owned by the central UBS Technology organization, the Business Divisions or Corporate Center functions.
You are part of the CC Cyber and Technology Risk control team, which sits in the second line of defense (2LoD) and has two main areas of coverage:
1. Functional oversight of UBS Technology and CISO with named controllers responsible for face-off and challenge
2. Taxonomy 10 and 7 controller ownership, including independent review of firmwide risks in the taxonomy and challenge of risk appetite statements
• Strong communication and relationship management skills
• Strong analytical and problem solving skills
• Experience in Information security and/or risk management or audit, preferably in finance sector
• Team player and ability to work independently and proactively
• Take ownership of tasks and assignments end-to-end
• Fast understanding and ability to analyze and prioritize according to management and business requirements
• Certification in the Information security, risk management and/or project management is a plus
• Fluent English both written and spoken. German • Flexibility, self-motivation to learn and ability to effectively contribute and meet goals within agreed deadlines
• Data analytics skills and statistical knowledge of advantage
• Verbal communication, writing and presentation skills
• Strong technical background, with an ability to put technologies and data related risks into a business perspective
• Respected, influential, with very high integrity, able to work under pressure and tight deadlines, able to defend positions
Expert advice. Wealth management. Investment banking. Asset management. Retail banking in Switzerland. And all the support functions. That's what we do. And we do it for private and institutional clients as well as corporations around the world.
We are about 60,000 employees in all major financial centers, in more than 50 countries. Do you want to be one of us?
We're a truly global, collaborative and friendly group of people. Having a diverse, inclusive and respectful workplace is important to us. And we support your career development, internal mobility and work-life balance. If this sounds interesting, apply now.
Disclaimer / Policy Statements
UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.
You are kindly requested to include the following clause in your application: "Wyrażam zgodę na przetwarzanie moich danych osobowych zawartych w ofercie pracy dla potrzeb procesu rekrutacji zgodnie z ustawą z dnia 27.08.1997r. Dz. U. z 2002 r., Nr 101, poz. 923 ze zm."