Jobdescription For a first class company we are looking for a Security GRC officer : Requirements/Skillshe SGRC Officer is part of the team which has responsibility for the delivery of the governance, risk management and compliance elements of the information security strategy through helping to create information security policies, managing information security risk, providing training and reviewing information Typical Duties and Responsibilities Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
The Security GRC Officer will be responsible for developing, implementing, and maintaining security governance, risk management, and compliance strategies to protect the bank's information assets.
This role requires expertise in regulatory frameworks, risk assessments, and policy enforcement to ensure compliance with industry standards and cybersecurity best practices.
Key Responsibilities: Governance: Develop and maintain security policies, standards, and frameworks in line with industry best practices (e.g., ISO 27001, NIST, PCI-DSS).
Ensure alignment of security governance with regulatory and business objectives.
Work closely with internal and external auditors to support compliance audits and assessments.
Risk Management: Identify, assess, and mitigate security risks across IT and business functions.
Conduct risk assessments and implement control measures to protect critical assets.
Develop and maintain the bank's risk register, ensuring timely reporting and risk mitigation.
Collaborate with stakeholders to improve the bank's security risk posture.
Compliance: Ensure compliance with local and international banking regulations (e.g., GDPR, PSD2, SWIFT CSP).
Monitor changes in security regulations and implement necessary policy updates.
Conduct security awareness programs and training for employees.
Manage security incidents, investigations, and reporting in line with regulatory requirements.
Work Environment: Typically office-based, with options for remote work (homeworking)May require on-call availability for incident response.
Qualifikationen Qualifications & Experience: Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field.
Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor/Implementer are highly preferred.
Strong knowledge of regulatory requirements, risk frameworks, and control methodologies.
Experience with third-party/vendor risk assessments and audit processes.
Excellent analytical, communication, and problem-solving skills.
Languages : Italian, English (German is a plus).
Salary range : 85.000/100.000 chf