Cyber Information Security Officer

Responsabilités principales

• Review and monitor the organizational security compliance against current frameworks and regulation (FINMA 2023/1, NIST, LPD and ISO 27001)
• Provide key inputs and collaboration with various risk/compliance departments (i.e., Quality Management, Data Integrity, Ethics & Compliance, Cyber Security, Privacy/Legal, Records Management)
• Provide subject matter expertise to Contract Managers, Business Unit Managers, and third-party relationship Managers to ensure third party risk management program is compliant with applicable regulations or policies
• Contribute to develop, maintain, and publish up-to-date information security directives, procedures, standards, and guidelines
• Develop and ensure effective disaster recovery policies and standards to align with enterprise business continuity management program goals
• Perform internal investigations, forensic investigations and assist with any inquiry related to the usage of our data
• Collaborate in insider threat prevention activities, such as performing or evaluating background checks on individuals when required
• Provide regular reporting on the status of the information security program
• Actively participate in security, data management, forensic investigations, and security Governance
• Monitor or ensure the oversight external threat environments for emerging threats
• Plan and oversee penetration tests to find any flaws
• Collaborate with management and the IT departments to improve security
• Document any security breaches and assess their damage
• Educate colleagues about security software and best practices for information security
• Collaborate and maximize partnership with external providers
• Assess whether new technologies are appropriate for the company to implement
• Ensure technologies currently in use are efficient and propose/make changes wherever necessary
• Maintain/develop network and relationship with pairs in the industry and with local companies

 

 

Profil

Professional experience & competencies:

• 5-7 years’ experience in information security of which at least 2 years in a similar role within the Swiss finance industry (banking industry an asset)
• Strong understanding of Microsoft Cloud technologies, especially Azure and Office 365 with successful track record of min. 2 years
• 1 year experience on operating Data Loss Prevention technologies (Purview and or Forcepoint)
• Good knowledge of IT production frameworks such as ITIL as well as technological trends
• Solid knowledge of various information security frameworks (NIST, CIS…)
• Ability to conduct technological analyses and research
• Good knowledge in mobile technologies and change management
• Good understanding of Private Banking sector and of FINMA operational risk framework

Personal competencies:

• Excellent problem-solving and analytical skills
• Good communication skills with the ability to popularize security matters to a non-technical audience and to educate them
• Result, client solution and team oriented
• Ability to maintain excellent quality standards in high stress situations
• Excellent problem-solving and analytical skills with the ability to balance business interests with risk
• Organization, rigor and attention to details

Language requirements:

• Excellent verbal and written command in French and English, German an asset

 

Education:

• Bachelor’s degree in computer science, Management or equivalent
• Current relevant professional certification such as CISSP, Microsoft Azure, Microsoft 365

 

Specific requirements:

• Mandatory Swiss residency (for the last 12 months at least)