Senior IT Risk Controller

– Lead a team of operational risk experts with direct line responsibility for a team of specialists; support IT and Operational Risk Control management with sound advice and material support across the full range of risk management lifecycle activities, including risk identification, assessment, and oversight of remediation planning and execution; participate and challenge IT risk activities, and actively participate in senior management monthly IT Risk Boards.

– Attend function/regional operational risk forums, understand technology related plans and risks as well as the critical IT processes and controls which support the business, understand key vendors and vendor risks of the function and oversee C&ORC IT Risk staff.

– Understand key external audit reporting requirements and ensure appropriate IT attention as needed. Where relevant manage specific country regulatory self-assessments and formal local IT regulatory reviews. Ensure appropriate vetting, notification and escalation of any regulatory review points.

– Build strong relationships with Senior C&ORC, IT and Business stakeholders (including Legal, Compliance, HR, Technology, Group Information Security Office, BCM and Audit functions) to proactively identify risk issues, drive remediation activities and continuously improve C&ORC IT Risk services. Work with C&ORC counterparts and provide governance oversight of 1LOD IT in maintaining compliance with regulations. Must be able to understand complex issues quickly and set priorities according to technical as well as strategic considerations.

– Provide functional and regional specific thought leadership for IT Risk topics and input into the Global IT Risk strategic direction. Actively manage IT risks in accordance with the Group’s Risk framework across the region. In particular, ensure risks are properly evaluated, recorded and mitigating action plans are monitored through to completion. Implement the C&ORC IT Risk (2LOD) governance model and supporting methodologies.

Your team:
You’ll be reporting into the Group Head of C&ORC IT Risk. You will be located in London, Zurich or New York. We are part of the Compliance & Operational Risk Control (C&ORC) function and provide oversight of technology, information / cyber security, outsourcing, BCM and program management risks across the UBS Group.


Your experience and skills:
You have:

– A degree in Computer Science, Computer Engineering, or relevant discipline;

– Experience of working in the financial sector across a broad spectrum of business types (Investment Banking, Wealth Management, etc.);

– Knowledge and experience of the legal and regulatory, and engaging directly with regulators;

– In-depth experience of IT Risk frameworks and governance methodologies;

– Broad specialist level knowledge of information security technology and IT such as UNIX, Windows, databases, network infrastructure, firewalls, application development, Information Security tools ( logging & monitoring tools, break glass processes emergency envelope tools, Public Key Infrastructures, Cryptography).


You are:

– experienced Technology Risk Manager with extensive previous experience in IT Risk/IT Audit or a similar subject-matter area;

– analytic, with the ability to provide practical solutions for minimizing risk;

– result-oriented and assertive (you don’t shy away from challenging situations);

– a team player with the ability to work independently to organize, manage and complete projects within tight deadlines;

– able to drive complex cross-functional programmes;

– able to communicate with different levels of seniority as well as able to communicate technical issues in business language within a global organization;

– excellent communicator and fluent in English