IT Risk Manager
- Provide sound subject matter advice and challenge across the full range of risk management lifecycle activities relating to the Bank's technology and cyber taxonomies. This includes risk identification, assessment, and oversight of remediation planning and execution; participation and challenge of IT risk related activities.
- Attend and actively participate in technology function / regional operational risk forums, understand and challenge technology-related issues and actions relating to how Technology manages its risks and controls as well as its critical IT processes which support the business.
- Support wider team objectives and contribute to deliverables such as providing input to the annual risk taxonomy review, delivering well written thematic risk reviews identifying forward looking risks and acting as a reviewer of technical risk assessments covering the functional area.
- Understand regulatory and audit expectations and find the best ways to ensure we deliver.
- Make use of relevant data and analytics techniques and metrics and possess an understanding of emerging technologies to support risk assessment and identification activities.
- Build strong relationships with Senior C&ORC, IT and Business stakeholders (including Legal, Compliance, HR, Technology, Group Information Security Office, BCM and Audit functions).
You’ll be reporting into the Compliance & Operational Risk Control (C&ORC) IT Risk Controller for Investment Bank IT. We are part of the Corporate Centre Risk Control function (CCRC) within C&ORC and provide oversight of technology, information / cyber security, outsourcing, Business Continuity Management and program management risks across the UBS Group.
Your experience and skills:
- Experience of working in the financial sector with some experience of Investment Banking;
- Exposure to Technology Risk frameworks and governance methods plus in-depth knowledge of information security technology, software development methods and cyber;
- You have a degree in Computer Science, Computer Engineering, or relevant discipline; plus a professional qualification (e.g. CISSP, CISM, CISA, CRISC); or hands-on experience with industry accepted IT Control frameworks (e.g. ISO 17799 / COSO / COBIT) is an advantage.
- An experienced Technology Risk Manager in IT Risk / IT Audit or a similar subject-matter area;
- A person with initiative who can develop plans, manage projects and execute risk assessments;
- Analytic, with the ability to provide practical solutions for minimizing risk;
- Results oriented and assertive (you don’t shy away from challenging situations);
- A person with a solid technical background, with an understanding of software development practices and cyber-related risk;
- Able to communicate with different levels of seniority and translate technical issues into business language;