OCRA /Third Party Risk Assessor na UBS Group AG

You will be responsible for evaluating the security posture of third-party vendors that have access to sensitive information or systems of UBS. You will conduct risk assessments to identify and evaluate potential security threats posed by third-party vendors and recommend risk mitigation strategies to minimize the organization's exposure to cyber threats. You will also work closely with internal stakeholders to ensure that third-party vendors comply with our cybersecurity policies and procedures.

Are you keen on working in world class Cyber Security Operations Center for one of the best Swiss private banks? Do you have related experience and are willing to take it further by learning how to defend an enterprise against cyber-attacks? Do you have the right attitude and are eager to join a multinational team of Cyber Security professionals?

We are looking for OCRA/Third Party Risk Assessor to:
• be responsible for evaluating the security posture of third-party vendors that have access to sensitive information or systems of UBS
• conduct risk assessments to identify and evaluate potential security threats posed by third-party vendors and recommend risk mitigation strategies to minimize our organization's exposure to cyber threats and identify potential security threats and vulnerabilities
• work closely with internal businesses to ensure that third-party vendors comply with our cybersecurity policies and procedures and conduct Cloud assessments and audits
• analyze and evaluate vendor security controls, policies, and procedures to ensure compliance with regulatory requirements and industry best practices
• develop and implement risk mitigation strategies to address identified vulnerabilities and reduce our organization's exposure to cyber threats and communicate assessment findings and recommendations to leads, including management, legal, and compliance teams
• monitor and track vendor compliance with security policies and procedures through ongoing assessment activities

Detailed salary information:
• New York: the salary range for this role is $140000 to $180000
The expected salary range(s) for this role as of the date of this posting is/are based on factors including, but not limited to, experience, qualifications, education, location and skill level. This role may also be eligible for discretionary incentive compensation. For benefits information, please visit ubs.com/usbenefits.

New York

Full Time

United States - New York

Information Technology (IT)

At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We’re dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible. Our inclusive culture brings out the best in our employees, wherever they are on their career journey. We also recognize that great work is never done alone. That’s why collaboration is at the heart of everything we do. Because together, we’re more than ourselves.

We’re committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us.

UBS Business Solutions SA
UBS Recruiting

UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.

You’ll be working in the CISO/OCRA (Operational Consolidate Risk assessment) team in New York. You'll take a part in supporting colleagues from different areas of our firm, including Risk Taxonomy Owners, Compliance & Operational Risk Controllers and Outsourcing & Supplier Management, in improving the overall risk assessment process and implementing the most effective remediation measures.

• Bachelor's degree with professional certification in Cybersecurity, Cloud Security, or a related field of study
• audit experience/mindset
• ideally 5+ years of experience in third-party risk assessment or cybersecurity assessment with strong analytical and problem-solving skills
• certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP) are a plus
• experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc.;
• one of the following professional qualifications obtained: CEH, CISSP, CISA, CISM, CRISC or ITIL.
• ability to communicate effectively with good spoken and written English


“At UBS, we appreciate our Veterans and are committed to providing opportunities in Financial Services.”

*LI-UBS
*UBS-MOGUL

UBS is the world’s largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors.

We have a presence in all major financial centers in more than 50 countries.

We may request you to complete one or more assessments during the application process. Learn more

US Only: The expected salary range for this role is $140000 to $180000 based on factors including, but not limited to, experience, qualifications, education, location and skill level. Please see «Your role» section for detailed salary information.