Senior Red Team Tester

We are expanding our global Red Team (Cyber Assurance Testing) and are looking for a skilled and experienced cyber security specialist to join us. This role will assist in the management of UBS's internal Cyber Assurance Testing service and play a lead role in the delivery of a growing number of regulatory red team engagements to satisfy the requirements and expectations of financial regulators across the globe.

Candidates will be expected to have some experience of engaging with red team testing and financial regulatory red team engagements (e.g. CBEST, iCAST, TIBER), ideally in a finance sector firm, regulatory or consultancy environment. We are looking for individuals with a deep interest in cyber security, and in particular the emulation of real-world offensive cyber-attacks. Keeping up to date with knowledge of threats, vulnerabilities, and techniques should be something you find fun and interesting rather than just a job requirement.

The role will require strong project and stakeholder management skills, an inquisitive mind, an ability to think outside of the box, and a broad understanding of technical aspects of cyber security. Technical certifications such as CISSP, CCSP, CISM, CREST, OSCP, etc will be advantageous, but they are not a deal breaker. We are primarily concerned with your ability to organize and manage projects, and communicate with technical and non-technical stakeholders at all levels of seniority across and outside of the firm.

The ability to write clear reports in business English is an absolute necessity, as are project management skills and personal organizational ability.

You will be working with some very talented and experienced professionals, and there will be lots of opportunities to grow and develop your technical skillset.

• contributing to the management of UBS's internal Cyber Assurance Testing (CAT) service - supporting the ongoing internal testing process and delivery of output
• managing the planning, scoping, execution, and reporting of regulatory red team tests to satisfy regulatory testing frameworks such as CBEST, iCAST and TIBER
• onboarding, contracting and managing third-party red team vendors to deliver regulatory red team testing
• managing relationships with red team testing vendors, senior internal stakeholders, and regulators
• collaborating with blue teams and other cyber defense functions
• developing reports of findings, analysis, and recommendations for internal UBS stakeholders, and contributing to regulatory submissions.
• delivering operational briefings and presentations to technical teams, non-technical stakeholders, and senior management.
• providing technical cyber security expertise to UBS Group Compliance, Regulatory and Governance (GCRG) Cyber and Technology Risk Control

At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We're dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible. Our inclusive culture brings out the best in our employees, wherever they are on their career journey. We also recognize that great work is never done alone. That's why collaboration is at the heart of everything we do. Because together, we're more than ourselves.

We're committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us.

UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.

Report misconduct: If you are made aware of any of our employees or individuals acting on behalf of UBS engaging in acts of misconduct under the Poland Whistleblowing Act, you may report your concerns through Poland-Whistleblowing@ubs.com

You will be working as a member of the global Cyber Testing & Assurance team, which is a second line assurance testing function within Compliance & Operational Risk Control.

• a strong background and experience in cyber security related to the finance sector
• familiarity with red team testing, cyber-attack chains, and the tools, techniques and procedures used by advanced cyber threat actors
• familiarity with the major cyber security concerns of large finance sector organisations, as well as the primary defensive techniques and approaches deployed to address these
• experience of implementing or working with regulatory red team frameworks such as CBEST, iCAST and TIBER
• excellent written and spoken English, and the ability to describe highly technical and complex matters in a business-focused and risk-centric manner to a range of technical and senior stakeholders
• proven experience in managing senior stakeholders and relationships
• proven project management skills and personal organizational ability
• technical certifications such as CISSP, CCSP, CISM, CREST and OSCP would be advantageous, but are not essential

UBS is the world's largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors. We have a presence in all major financial centers in more than 50 countries.