Mission
Operating in a highly regulated banking environment (FINMA, EBA, DORA, etc.) and amid accelerating digital transformation – including the expansion of e-banking and mobile banking services, the Group Risk Department is seeking a senior cybersecurity specialist to carry out second‑line control activities.
Independent of first‑line operational teams, the role holder contributes to ensuring the effectiveness, consistency, and regulatory compliance of the Bank’s cybersecurity framework.
Main responsibilities
Execute the second‑line control plan across the full cybersecurity perimeter: IAM, PAM, endpoints, cloud, networks, e‑banking and mobile banking.
Conduct periodic and thematic controls on security processes and measures implemented by first‑line operational teams, ensuring that information security risks are identified, assessed, treated, and reported to relevant stakeholders.
Verify compliance with banking regulatory requirements (e.g., FINMA, EBA, DORA, etc.).
Produce well‑documented control reports, issue actionable recommendations, and monitor the progress of remediation plans.
Contribute to maintaining cyber risk indicators (KRI/KPI), and feed reporting to the Head of Cyber Risk Control.
Maintain a regulatory watch specific to the banking sector, and flag impacts on the control framework.
Work collaboratively with Internal Audit and Group Security within a three‑lines‑of‑defense model.
Support first‑line teams in understanding control requirements and fostering a cyber risk culture tailored to the banking sector.
Your Profile
Master’s degree (or equivalent) in Computer Science, Cybersecurity, Information Systems Engineering, or a business school with a specialization in security.
Minimum 7 to 12 years of experience in cybersecurity, ideally in a banking institution.
Good command of frameworks and working knowledge of FINMA circular on operational resilience, DORA, EBA Guidelines on ICT and Security Risk.
Good understanding of technical architecture (network, cloud, IAM, AD, fraud prevention).
Ability to document findings clearly and communicate them to both technical and non‑technical stakeholders.
Analytical rigor, autonomy, and a collaborative working style.
Proficiency in French and English, both written and spoken.
Core Competencies
Critical thinking and objectivity in assessing control frameworks.
Ability to work cross‑functionally with diverse stakeholders.
Proactive, solution‑oriented mindset when facing identified risks.
Professional integrity and respect for confidentiality.
Appetite for regulatory watch, continuous improvement, and knowledge sharing.
Others
Swiss Residence
#J-18808-Ljbffr