Information Security Manager - Zurich, Schweiz - Henderson Scott

Beschreibung

The Information Security Manager will oversee Information Security Governance and will strongly contribute to the management of IT risks and controls, as well as to the analysis of projects for this globally recognised organisation.

• Develop and maintain the Information Security Management System (ISMS) in conjunction with the Strategy, Architecture, and Security team (SAS), who hold overall responsibility for governance and control of all IT systems and service Corporate Security Team who are responsible for the governance of all security matters and the Data Protection Officer.
• Initiate, develop, and maintain information security policies and procedures and to ensure that the security strategies are being followed, to meet the organizational security goals and standards. This will be carried out in conjunction with the SAS team who are responsible for developing, and monitoring compliance with, IT/cyber security policies.
• Lead the development of ongoing ISO/IEC 27001 & ISO 27701 efforts, defining standards, procedures, work instructions and training materials for users and IT specialists, and ensuring its implementation and adoption by the various stakeholders.
• Colead the SOC2 certification.
• Document all the security policies and promote activities and procedures to create a general awareness about the significance of security within an organization.
• Regularly review the security plans that have been implemented on the systems throughout the entire network of the organization.
• Lead the collaboration with external IT partners with regards to information security aspects of assets and on/offboarding process.
• Lead vendor inventory to review ongoing assessment of the vendors that is currently using or is anticipating using to ensure vendors only work with trustful third parties.

• A minimum of five (5) years in a corporate security or technology setting with responsibility for information security programs.
• Formal information security qualification (CISM, CISSP/CISA or equivalent) with experience of building an Information Security Management System.
• Strong background in information security Management or IT Audit related role; experience of the design and delivery of training is a significant advantage.
• Proven knowledge of information security related standards and regulations, such as ISO/IEC 27001, 22301, Data Privacy Legislation and audit frameworks.
• Experience in delivering organizationwide security awareness programs.
• Experience in designing, implementing, managing, and testing business continuity programs in a corporate environment.
• Must have strong written and verbal skills and be comfortable presenting initiatives to senior leadership.
• Ability to communicate technical material to a nontechnical audience.
• Ability to weigh priorities and make appropriate decisions.
• Experience in managing corporate security related threat intelligence, including knowledge of relevant security monitoring tools and subscription services. Experience with Cyber threat intelligence is an advantage.
• Ability to produce clear written material and communicate information in a clear and understandable manner to nontechnical stakeholders and the most senior leadership of the organization.
• Experience of operating with a high level of autonomy and the ability to manage others to ensure delivery to agreed timescales.
• Specific physical security, event security, people security, and crisis management experience in a corporate setting are a significant advantage.
• University studies and higher education (MBA) or equivalent professional experience.
• Excellent command of English and French advantageous.