Cyber Risk Manager (Second-line Controls) — Union Bancaire Privée
Role overview
## Mission

- In a highly regulated banking environment (FINMA, EBA, DORA, etc.) and amid accelerating digital transformation, including the expansion of e-banking and mobile banking services, the Group Risk Department is seeking a senior cybersecurity specialist to carry out second-line control activities.
- Independent of first-line operational teams, the role holder contributes to ensuring the effectiveness, consistency, and regulatory compliance of the Bank’s cybersecurity framework.

## Main responsibilities

- Execute the second-line control plan across the full cybersecurity perimeter: IAM, PAM, endpoints, cloud, networks, e-banking and mobile banking.
- Conduct periodic and thematic controls on security processes and measures implemented by first-line operational teams, to ensure that information security risks are identified, assessed, treated, and reported to relevant stakeholders.
- Verify compliance with banking regulatory requirements (e.g., FINMA, EBA, DORA, etc.).
- Produce well-documented control reports, issue actionable recommendations, and monitor the progress of remediation plans.
- Contribute to maintaining cyber risk indicators (KRI/KPI), and feed reporting to the Head of Cyber Risk Control.
- Maintain a regulatory watch specific to the banking sector, and flag impacts on the control framework.
- Work collaboratively with Internal audit and Group Security, within a three lines of defense model.
- Support first-line teams in understanding control requirements and fostering a cyber risk culture tailored to the banking sector.

## Your Profile

- Master’s degree (or equivalent) in Computer Science, Cybersecurity, Information Systems Engineering, or a business school with a specialization in security.
- Minimum 7 to 12 years of experience in cybersecurity, ideally in a banking institution.
- Good command of frameworks and working knowledge of FINMA circular on operational resilience, DORA, EBA Guidelines on ICT and Security Risk.
- Good understanding of technical architecture (network, cloud, IAM, AD, fraud prevention).
- Ability to document findings clearly and communicate them to both technical and non-technical stakeholders.
- Analytical rigor, autonomy, and a collaborative working style.
- Proficiency in French and English, both written and spoken.