Mission
Lead and strengthen UBP’s cybersecurity first line of defence by overseeing Security Risk & Governance and Vulnerability Management. Establish, maintain, and evolve a robust, transparent control framework aligned to global banking regulations (FINMA, EU, UK, Hong Kong, Singapore). Partner with Technology, Business, Risk, and Compliance stakeholders to proactively manage cyber risks, ensure regulatory adherence, and safeguard UBP’s clients and assets.
Main responsibilities
Governance & Risk Management
Own and evolve the cybersecurity risk management framework, policies, standards, and security controls catalogue for first line of defence.
Drive risk identification and assessment, and ensure that adequate and achievable treatment plans are defined and implemented within effective timescales.
Maintain risk registers and key risk indicators (KRIs). Ensure discrete risks are clearly identified, challenged and catalogued without duplication or unnecessary overlap.
Ensure alignment with group risk appetite, regulatory expectations, and industry best practices (ISF, NIST CSF, ISO/IEC 27001/27005).
Vulnerability Management
Lead enterprise vulnerability management strategy and operations (infrastructure, applications, cloud, third parties).
Oversee vulnerability scanning, assessment, risk-based prioritisation, and timely remediation in line with SLAs.
Partner with Infrastructure, DevSecOps, and application owners to embed secure‑by‑design principles and shift‑left controls.
Report on exposure, trends, and risk posture to senior management and risk committees.
Regulatory Compliance & Audit Support
Interpret and operationalize cyber requirements across FINMA, EU (including DORA/NIS2 where applicable), UK (PRA/FCA), Hong Kong (HKMA), and Singapore (MAS).
Prepare evidence and responses for internal/external audits, regulatory exams, and board‑level reporting.
Maintain control mapping to regulatory frameworks; ensure continuous readiness and closure of findings.
Manage and mentor a small team; build capabilities and career growth for junior staff.
Communicate complex cyber risk topics clearly to senior management and non‑technical stakeholders.
Champion a risk‑aware culture across technology and business functions.
Your Profile
Experienced cybersecurity risk leader with deep first line of defence experience in financial services.
Strong knowledge of regulatory environments across Switzerland (FINMA), EU, UK, Hong Kong, and Singapore, with proven ability to operationalize requirements.
Strategic thinker with hands‑on rigor—able to sustain current frameworks while maturing them for scalability and transparency.
Influential communicator and collaborative partner comfortable engaging senior executives and guiding junior staff.
Education
Bachelor’s or master’s degree in Information Security, Computer Science, Engineering, Risk Management, or a related field.
Relevant certifications preferred: CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, CEH, or equivalent.
Experience and technical skills
8–12+ years in cybersecurity with significant exposure to first line risk and control management in a regulated bank.
Proven track record in:
Designing and operating cyber risk and control frameworks (policies, standards, KRIs/KPIs, control testing).
Leading enterprise vulnerability management (tools, processes, SLAs, metrics, remediation governance).
Regulatory engagement, audit response, and evidence management.
Cross‑border regulatory alignment (FINMA, EU/DORA, UK PRA/FCA, HKMA, MAS).
Practical familiarity with:
Frameworks/standards: NIST CSF, NIST 800‑53, ISO/IEC 27001/27002/27005, OWASP, CIS Controls, MITRE ATT&CK.
VM tooling & ecosystems: Qualys/Tenable/Rapid7, SAST/DAST, SCA, container and cloud posture management (CSPM), EDR/XDR.
Enterprise environments: Windows/Unix, networks, databases, microservices, SaaS, public cloud (AWS/Azure/GCP).
Secure SDLC/DevSecOps and CI/CD integration of controls.
Reporting and metrics for executive forums and risk committees.
Languages
English: fluent (written and spoken).
French: strong advantage.
Personal skills
Leadership: coaching mindset, able to build high‑performing teams and upskill junior colleagues.
Communication: clear, concise, and audience‑appropriate; strong presentation and writing skills.
Decision‑making: risk‑based prioritisation, data‑driven, and pragmatic under time pressure.
Collaboration: strong stakeholder management across IT, Risk, Compliance, and business lines.
Adaptability: navigates ambiguity; balances regulatory rigor with business practicality.
Integrity: high professional ethics and commitment to client and bank protection.
Others
Location: Geneva
Swiss Residence
Hybrid working arrangements aligned with UBP policy.
Candidates must have the right to work in the relevant jurisdiction.
Background checks required consistent with banking standards.
Core Competencies: Adherence to the company’s values: Dedication, Conviction, Agility and Responsibility - Compliance with regulations and internal directives