Activity description:

-Knowledge of the risk assessment and treatment process organized according to the ISO/IEC 27001, NIST Cybersecurity Framework and Cloud Architecture Framework

-Participate in review and analysis of security and Business products/services and make recommendations based on risk assessment, security standard and best practices.

-Provide advice, challenge, and help improve IT Risk and Information Security frameworks in line with Swiss and international regulatory requirements.

-Actively participate in monitoring to identify trends and new developments in information security and threats.

- Consult with IT teams to determine cloud security requirements and plan and deliver cloud-based business solutions.

-Monitor compliance and adherence to set requirements and the life cycle of cloud security assets.

-Carry out controls, recommend improvement measures and follow their implementation.

-Ensure Information Security operation tasks, including incident management.

-Cloud Security-related certifications (CCSP, CCSK, Certified Cloud Professional/Architect.

Specific requirements:

-Solid understanding of information risk assessment procedures as well as widely used frameworks like ISO/IEC 27001, NIST Cybersecurity Framework and Cloud Architecture Framework.

-Experience in the field of information security and technology.

-Excellent problem-solving and analytical skills.

-Ability to educate a non-technical audience about various security and data protection measures.

-Effective verbal and written communication skills (Italian and English).

Languages:

-Italian

-English

-German (nice to have)

Experience

-Proven experience in similar positions (> 3 years).
-Cloud experience (GCP and Azure).
-General knowledge of the banking industry and its regulations.