Beschreibung

As an Information Security & Compliance Lead, you will play a crucial role in safeguarding the organization's information assets. Daily activities will involve managing audits, enhancing security awareness, and collaborating with various teams to ensure compliance with international standards and regulations.

Anforderungen

• •Bachelor’s or Master’s degree in Information Security, Computer Science, or related field
• •Recognized security certifications such as CISM, ISO 27001 Lead Implementer/Auditor, or equivalent
• •Minimum 5 years of experience in information security management, compliance, or cybersecurity operations
• •Proven experience leading ISO 27001 or equivalent certification programs
• •Strong understanding of incident management, vulnerability management, and data protection principles
• •Familiarity with third-party risk management
• •Experience in managing security awareness programs and collaborating with multidisciplinary teams
• •Excellent project management and reporting skills
• •Analytical, structured, and risk-based approach to decision-making
• •Effective communicator, skilled at adapting communication for technical stakeholders and senior management
• •Proven ability to lead cross-functional initiatives and maintain governance rigor
• •Strong attention to detail and documentation
• •Proficient English, French is a plus
• •A valid Swiss work permit or Swiss or EU-25EFTA citizenship

Aufgaben

• •Oversee internal and external audits
• •Lead incident and vulnerability management processes
• •Manage supplier and client relationships from a security perspective
• •Develop security awareness and readiness programs
• •Lead annual ISO 27001 and ISO 27701 audits
• •Conduct security meetings with management
• •Maintain and update security policies and practices
• •Collaborate with the Data Protection Officer for GDPR compliance
• •Compile and report security KPIs and dashboards monthly
• •Perform ISO 41002 self-assessment
• •Implement AI governance controls with key stakeholders
• •Oversee employee security awareness programs
• •Conduct regular phishing simulations
• •Identify and propose new security tools
• •Develop and manage the annual cybersecurity budget
• •Review security maturity of new suppliers
• •Answer client security queries with Sales and Legal teams
• •Investigate security incidents and ensure response procedures are followed
• •Enhance incident response processes through tabletop simulations
• •Review vulnerability scan results and ensure timely remediation
• •Coordinate penetration testing and track closure of findings
• •Follow OSINT threat intelligence and act accordingly