Requirements
Must have:
- 10 years in cybersecurity with direct leadership of SoC and Incident Response functions, including people leadership (hiring, coaching, performance).
- Demonstrated success running security operations in complex environments (on premise and cloud).
- Strong systems thinking; you connect detections, controls, processes, and behaviors into a coherent operating model with measurable outcomes (KRIs/KPIs and OKRs).
- Evidence of automation mindset (e.g., SOAR playbooks, detection as code, continuous control monitoring).
- Excellent communicator and partner to architecture, engineering, and infrastructure teams.
- Calm and accountable during incidents.
- Resident in Switzerland or willingness to relocate.
Nice to haves:
- Experience in a regulated industry (e.g., banking/financial services) and familiarity with audit/alignment frameworks (e.g., ISO 27001, NIST CSF, ISAE, data protection requirements).
- Track record introducing AI/ML or analytics to SoC workflows (e.g., assisted triage, enrichment, detection engineering).
- Customer-facing or regulator engagement experience and security advocacy.
Responsibilities:
- Manage a team of approx. 4 individuals: hiring, coaching, and creating an environment where people do the best work of their careers.
- SoC leadership & incident response: Run day to day SoC operations, elevate detection & response maturity, and lead major incident command calmly under pressure. Ensure investigations are rigorous, evidence based, and drive tactical fixes as well as strategic improvements.
- Define and execute the SoC strategy for the next 2-3 years, including pragmatic adoption of cloud and AI assisted threat detection, triage, and automation (SOAR).
- Own the operating effectiveness of key controls (e.g., vulnerability management, baseline security, DLP). Ensure continuous control monitoring, coverage metrics, and clear KRIs/KPIs that matter to the business.
- Establish, own, and execute the banks ...