Cyber Security and Tech Risk Specialist


Technical Skills

  • Crisis Management
  • Information Security
  • IT Security
  • Operational Risk
  • Risk Management

Job Description

Cyber Security and Tech Risk Specialist

Location: Hong Kong

Are you risk averse? Do you know how to maintain independence and objectivity? We are looking for someone like that who can:

– support the implementation of the Cyber Security Risk and Technology Risk taxonomies in the context of the Bank's operational risk framework
- drive the implementation of risk remediation programs, and the undertaking of thematic risk reviews and cross-taxonomy risk management initiatives within Operational Resilience
- establish and maintain strong links within the industry and engagements with the regulators to ensure that Information Security, Cyber Security and Technology Risks related industry news and regulatory developments are embedded within the Framework, and provide a view on future developments
- support the definition of Information Security and Technology Risk training requirements and mechanisms to promote and instill a culture of proactive risk management and awareness within Group Technology (GT)
– participate in the management of operational risk events related to information & cyber security, and technology risks, including escalation to crisis management committees
– act as an advisor and SME for cyber & information security and information technology related risk assessments, incident analysis and strategic initiatives as well as in the development and introduction of relevant business initiatives
– build relationships within C&ORC (Compliance & Operational Risk Control), and with Business and GT stakeholders to ensure steady information flow and effective communications with partners and stakeholders
– oversee the collection and processing of cyber threat intelligence ensuring that (1) the bank has access to relevant cyber intelligence information and that (2) the information is timely provided to the relevant functions and (3) required mitigation activities are executed
– assess the firm's exposure to potential cyber threats by (1) identifying and assessing key cyber security risk scenarios, (2) analysing the bank's defence capabilities against these threats and (3) ensuring that cross-functional mitigation activities are initiated and executed
– manage intelligence-led penetration testing and red teaming activities, including participation to regulatory initiatives such as CBEST in the UK and Quantum Dawn in the US
– support Senior Risk Controllers with the management and coordination of effective delivery of high quality, cost effective, pragmatic and business driven Tech Risk services across the CIO area

Employment TypeFull-time
Education LevelNon-specified
UBSInvestment Banking and Brokerage

Two International Finance Centre, 8 Finance St, Central

directions_walk11 mins walk from Central Station