Description

As a Senior Information Security & Risk Analyst in the IT Security Team, you will play a pivotal role in establishing and maintaining a robust security governance, risk management, and compliance (GRC) framework to protect our assets and meet regulatory requirements. You will be responsible for analyzing and evaluating the company's security posture, identifying potential vulnerabilities, and ensuring the implementation of best practices and security controls. Working closely with cross-functional teams, you will lead risk assessments, develop and implement security policies, perform and answer to due diligence requests, and facilitate continuous improvement in the organization's information security program. Your expertise in information security, GRC methodologies, regulatory frameworks and industry standards will be critical in driving our cybersecurity initiatives and managing risk across the enterprise. Additionally, you will contribute to the development and delivery of security awareness training, fostering a culture of security consciousness among employees and stakeholders.

We are seeking an experienced Information Security professional who can leverage their expertise and thrive in a dynamic, fast-paced environment. If you are eager to embrace this challenge, we look forward to receiving your application.

Your missions are as follows :

• Develop and maintain a comprehensive information security governance, risk management, and compliance (GRC) framework.
• Maintain and improve the organization security risk register and controls framework
• Conduct regular risk assessments to identify vulnerabilities and recommend appropriate risk mitigation strategies.
• Implement and maintain security policies, procedures, and controls in alignment with industry best practices and regulatory requirements.
• Develop and deliver security awareness training programs to foster a culture of security consciousness among employees and stakeholders.
• Manage relationships with external auditors, regulators, and other stakeholders to ensure compliance with relevant laws and regulations.
• Track and report on key information security metrics, trends, and performance indicators.
• Develop and maintain the organization's business continuity and disaster recovery plans.
• Stay current with the latest developments in information security, GRC methodologies, and industry standards.
• Lead or support special projects, as needed, to enhance the organization's security posture.
• Provide mentorship and guidance to other team members, helping to build a strong and capable information security team.

Votre profil

Mandatory

• Over 8 years experience in similar roles
• Mandatory experience with FINMA regulation
• Ability to communicate and engage with various departments and teams, from Senior Management to technical teams
• Good knowledge of Information security standards and frameworks such as NIST CSF, ISO/IEC 27001, CIS, ISAE
• Excellent French and English communication skills, oral and written

Desired

• Bachelor or Master in Computer Science or similar
• CISSP, CISA or similar qualifications
• Azure security certifications
• Scripting abilities (Python, PowerShell)

Comment postuler