The Cyber Information Security Officer role will directly support the Switzerland Private Bank business with responsibility for oversight of the Cyber and information risk control environment, providing support with risk assessments for jurisdictions with special regulatory requirements, driving local implementation of Group Programmes, as well as implementing the Group Cyber Policy and Standards. Additionally, the role will support in managing the Logical Access Management (LAM) project and operation, the Data Leakage Prevention (DLP) platform, and providing advice/challenge to the business in respect of tactical solutions and strategic programmes.
The Cyber Information Security Officer will report into the Cyber & Information Security Manager.
- Logical Access Management (LAM)
- Support the global PB activities, in all areas of Logical Access Management,
- Manage all aspects of Identity and Access management for Private Bank Switzerland, including RBAC implementation and maintenance, application on boarding, SoD, recertification…
- Ensure any access to client data hosting systems is compliant with the Group Security of Information Assets Standard, Role Based Access Control framework and need-to-know principle,
- Take responsibility of daily activities (access approvals and access monitoring) around LAM, using the Access Control Monitoring tool (Saviynt IAG solution), and the internal user access ticketing request tool,
- Maintain and continuously improve the ACM tool (follow up with third party supplier for upgrades, bug remediation, evolution requests etc…),
- Formalize business LAM procedures.
Implementation of Group CIS Policy (Cyber / Risk Assurance)
- Ensure risks arising from changes and new projects are properly identified, assessed and managed. Provide project support, assurance, remediation support, and guidance to the business. Assist the business with identifying alternate solutions or compensating controls where requirements are not met, or provide guidance for appropriate risk acceptance,
- Support delivery of projects to ensure compliance across the local Private Bank business, principally covering, logical access management, data leakage prevention policies, risk assurance, information classification/handling,
- Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal company Policies and Policy Standards.
Data Loss Prevention Incident Management (DLP)
- Participate to daily monitoring of emails where need be,
- Provide general advice and guidance around data loss prevention, including remediation of process issues as identified through monitoring alerts,
- Support in identifying ongoing improvements of the platform to enhance the DLP control environment (setup / update of policies and controls within the Data Loss Prevention system),
- Work with local management, HR and other key stakeholders as appropriate.
Training & Awareness
- Assist with creation and delivery of training and awareness programs on all CIS controls and policies.
- The successful candidate will preferably be educated to a degree in Computer Science or equivalent, and have a Risk or Cyber/Information Risk related knowledge,
- CISM, CISA, CISSP, ISO27001 or equivalent would be a definite bonus,
- Knowledge in Identity and Access Management is a definite asset, especially regarding notions around Role Based Access Control,
- Knowledge in Data Loss Prevention principle and tools would be appreciated,
- Experience within financial institutions is preferred,
- Notion in banking secrecy is preferred,
- Residence in Switzerland and French speaking is preferred.
- Weekend work or work outside of business hours might be required.
- The successful candidate will have good communication skills, written and verbal; and should be a dynamic individual, self-directed, team oriented, comfortable operating within a changing environment.
Additionally, the candidate should demonstrate:
- Taking actions and be able to follow up on the progress in a timely manner,
- Persuading and influencing relevant stakeholders where needed,
- Analysing situations where information risk could arise and advise his manager,
- Working with people from various department (from IT, controls and support functions and business),
- Adhering to principles and values from the Bank,
- Presenting and communicating relevant information,
- Delivering results and meeting expectations setup in accordance with his/her manager.
Purpose and Values
- Respect : We respect and value those we work with, and the contribution that they make.
- Integrity : We act fairly, ethically and openly in all we do.
- Service : We put our clients and customers at the centre of what we do.
- Excellence : We use our energy, skills and resources to deliver the best, sustainable results.
- Stewardship : We are passionate about leaving things better than we found them.
Important: Lors de votre postulation, merci de nous informer que vous avez vu notre annonce sur WeJob.