(Senior) Information Security Risk Control Specialist
Compliance, Corporate services, infrastructure and facilities, Risk
Job Reference #
As per UBS Information Security policy, UBS is required to perform a risk assessment of Third Party Information Security control environment on a cyclical basis.
The 3PISA process verifies adherence to applicable UBS controls from an organization, business process and/ or information system perspective. The 3PISA is applicable to Third Parties engaged in provision of services/ products with technology and/ or data related to UBS.
Do you have experience in IT and an analytical mind? Are you risk averse Do you enjoy working as part of a global, dynamic, and diverse team? Are you ready to face new challenges and embrace change and new ideas?
We’re looking for someone with those interests who:
• conducts Third Party Information Security Assessments (3PISA), including related data collection, analysis and reporting
• identifies, areas of potential risk to Information Security control environment, evaluates their potential impact and reviews Third Party’s existing controls
• manages relationships with various stakeholders across the organisation
• acts as change champion and applies continuous improvement to process and knowledge management
You’ll be working in the TPRM 3PISA Team in the UBS office in Krakow or Wroclaw cooperating with various stakeholders across all company divisions and supporting colleagues from different areas of the firm, including Risk Taxonomy Owners, Operational Risk Managers, Business Continuity Management and Outsourcing & Supplier Management, in improving overall risk assessment process and implementing most effective remediation measures.
• at least 2 years of experience in one of the following areas: IT audit or information security, operational risk management, compliance, risk and control assessments
• understanding of operational risk management and its implementation in practice
• experience in assessing or auditing in the area of information security
• strong analytical skills with the ability to collect, analyse and process significant amount of data to determine compliance with relevant UBS policies and standards
• strong written and verbal communication skills with a proven track-record of building and maintaining relationships with internal or external stakeholders at all levels
• excellent report writing and MS Office products skillset
• good organization, detail orientation, the ability to provide practical solutions, work under pressure and deliver under tight deadlines
• strong interpersonal skills and the ability to work in a diverse team
• eagerness to learn and to solve problems, the ability to take ownership and deliver results in a challenging environment
• fluent English, both written and spoken; any other language is a plus
• experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT etc.
• one of the following professional qualifications obtained: CEH, CISSP, CISA, CISM, CRISC or ITIL
Expert advice. Wealth management. Investment banking. Asset management. Retail banking in Switzerland. And all the support functions. That's what we do. And we do it for private and institutional clients as well as corporations around the world.
We are about 60,000 employees in all major financial centers, in more than 50 countries. Do you want to be one of us?
We're a truly global, collaborative and friendly group of people. Having a diverse, inclusive and respectful workplace is important to us. And we support your career development, internal mobility and work-life balance. If this sounds interesting, apply now.
Disclaimer / Policy Statements
UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.
You are kindly requested to include the following clause in your application: "Wyrażam zgodę na przetwarzanie moich danych osobowych zawartych w ofercie pracy dla potrzeb procesu rekrutacji zgodnie z ustawą z dnia 27.08.1997r. Dz. U. z 2002 r., Nr 101, poz. 923 ze zm."