The Information Security Officer – Business Risk reports to the Chief Security Officer (CSO) and is responsible for enforcing, reviewing and monitoring our governance framework, and for maintaining the policies and procedures that protect our organization’s computing infrastructure from all forms of security breaches.
The incumbent will ensure compliance with our information security framework, working with our Information Technology and cyber security teams, and will operate mainly as the 2nd line of defense.
- Review and monitor the organizational security compliance against current frameworks and regulation (FINMA 2023/1, ISO 27001, LPD)
- Provide key inputs and collaboration with various risk/compliance departments (i.e., Risk Management, Internal Audit, Internal Control, Legal and Compliance)
- Provide subject matter expertise to Procurement and Line Managers to ensure the third-party risk management program is compliant with applicable regulations or policies
- Help develop, maintain, and publish up-to-date information security directives, procedures, standards, and guidelines
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals
- Provide regular reporting on the status of the information security program
- Actively participate in security, data management, forensic investigations, and security governance
- Collaborate and maximize partnership with external providers, including external auditors
- Monitor the external threat environment for emerging threats
Professional experience & competencies:
- 5-7 years’ experience in information security, of which at least 2 years in a similar role within the finance industry or within an IT audit firm
- Solid knowledge of FINMA operational risk framework
- Strong understanding of third-party reviews especially ISAE reports
- Good knowledge of information security guidelines
- Knowledge of IT production frameworks such as ITIL
- Strong analytical skills
- In-depth knowledge of best practices to prevent a wide range of security threats
- Ability to challenge audit findings and provide constructive pragmatic feedback
- Proven experience in project management and good knowledge of change management and complex security concepts
- Understanding of Swiss Private Banking sector
- Knowledge of future technological trends
Personal competencies:
- Result and solution orientation with the ability to lead change
- Strong writing skills in French and English to prepare investigation reports/policies and to conceive and document clear governance principles
- Excellent problem-solving and analytical skills with the ability to balance business interests with risk
- Ability to popularize security matters to a non-technical audience
- Solid personal confidence to challenge internal and external findings when needed
- Organization, rigor and attention to detail
Language requirements:
- Excellent verbal and written command of French and English; German is an asset
Education:
- Bachelor’s degree in Computer Science, Management or equivalent
- Current relevant professional certification in Information Security (CISSP, CISA, CISM) highly appreciated
If this position is of interest to you, send us your complete application by filling in the Internet form.