Chief Information Security Officer

  • Experience level : Intermediate
  • Activity : Group
  • Office : Geneva

The Chief Information Security Officer (hereinafter CISO) is responsible for ensuring technical and regulatory monitoring of the Group's information systems security, providing advice, assistance, information, training, alerts, and recommendations on all subjects related to the security of information systems, implementing and controlling information systems processes and proposing changes required to ensure the overall logical and physical security of the information systems.

Your missions

Key responsibilities

The CISO has operational responsibility for verifying the effective enforcement of the Information Systems Security Policy (ISSP), including:

  • Identification and submission of concrete action plans for the reduction and control of information systems related risks
  • Monitoring the effective implementation of the agreed action plans
  • Ongoing monitoring of the relevance and adequacy of security measures related to these action plans
  • The prevention of risks related to the information systems from the early stages of development of any project involving these systems

The CISO supervises and coordinates the activities of delegated functions such as TISO (Technical Information Security Officer) and BISO (Business Information Security Officer).

The CISO does not have direct contact with customers, but rather with suppliers and service providers as well as with regulatory authorities and external auditors.

The CISO is a member of the Security & Logistics department and reports to the Chief Security Officer (CSO).

 

Main activities

The CISO is responsible for the following activities:

  • Technology intelligence and foresight:
    • Track regulatory and technical changes to ensure that the ISSP is in line with the latest trends
    • Monitor the necessary updates to guarantee the overall logical and physical security of the information systems
    • Keep up with technological changes that may have an impact on threats and the means of protecting information systems
       
  • Diagnosis and analysis of risks related to the security of information systems:
    • Choose an appropriate risk analysis methodology for the information systems security environment
    • Assess risks based on threats to the information systems security, the impacts, and consequences of these threats
       
  • Definition and implementation of the Information Systems Security Policy (ISSP):
    • Define the objectives and needs related to the security of the Group's information systems, in collaboration with the relevant stakeholders (Executive Committee, CSO, IT, etc.)
    • Draft and develop the ISSP and related security procedures
    • Audit and control the enforcement of ISSP standards and rules
       
  • Choice of security measures and implementation plan:
    • Identify the resources required to ensure the security of information systems, analyze the gaps
    • Validate the choice of technical security tools
       
  • Operational involvement:
    • In the user access rights management and control processes
    • In the information systems control and monitoring processes
    • In IT and business projects
       
  • Employee training and awareness on IT risks and security issues
     
  • Manage the IT controls portfolio:
    • Review of security and IT controls to reduce the Group's operational risk
    • Implement appropriate action plans for the remediation of any anomalies detected by the controls
       
  • Projects and assessments:
    • Information Systems Security Project Manager
    • Responsible for the security aspects of business and IT projects
    • Conduct risk assessments for the Group's projects and initiatives
    • Propose security concepts for IT and business projects

Your profile

Professional experience

  • Bachelor's degree in computer science or equivalent
  • Advanced training and 5 years' experience in information systems security (ISS)
  • Certifications in ISS (CISSP, CISA, CISM) highly appreciated
  • Technical executive with proven experience in project management and complex security concepts

Professional competencies

  • Knowledge of technical concepts and security mechanisms:
    • System and network architecture concepts and techniques
    • Operating procedures and data exchange standards
    • Knowledge of operating systems and related programming languages
    • Application functionalities, in particular, the authorization and data access principles
    • Security of database management systems
  • Technical expertise as an IS architect and a thorough knowledge of the processes related to the governance of information systems
  • Knowledge of ISO 2700x security and ISO 3100x risk management standards
  • Experience in managing organizational and technical projects
  • Knowledge of the regulatory texts applicable to the banking sector, in particular, the FINMA circulars dealing with the security of information systems, data protection and operational risk
  • Demonstrated ability to balance business interests with risk
  • Ability to anticipate
  • Ability to manage resources (budget, consultants, systems, etc.)
  • Ability to organize and lead change
  • Ability to deal with crisis situations
  • Strong communication skills, including solid executive communication ability
  • Excellent writing skills in French and English and ability to conceive and document clear governance principles
  • Teaching and communication skills (ability to lead working groups, awareness raising and training sessions)
  • Hands-on approach, results-focused, with the energy and commitment to drive delivery
  • Rigor and attention to detail
  • Solution-oriented
  • Curiosity: technological changes are frequent. The CISO must have an interest in all areas (applications, programming languages, hardware, virtualization, operating systems) because security is a cross-disciplinary issue

 

Language requirements

French mother tongue with a good level of English

 

 

Apply for this position

If this position is of interest to you, send us your complete application by filling in the Internet form.
