As the Director of Information Security, you will lead the design, implementation and continuous improvement of the Group's global information security strategy. With digital banking conducted across 10 jurisdictions and two banking licenses in operation, the role ensures consistent protection of customer and corporate data, regulatory compliance and operational resilience for the entire Swissquote Group.
Reporting directly to the Chief Operating Officer, the Head of Information Security oversees all security functions, including Governance, Risk & Compliance (GRC), Security Operations (SOC) and the Cyber Task Force (Security Engineering), ensuring a unified and risk-based approach to cybersecurity.
- Strategic Leadership
- Define and maintain the Group's information security vision, strategy and roadmap, aligning them with business objectives, regulatory obligations and the evolving threat landscape.
- Act as a trusted advisor to senior management and the Board on cyber risks, emerging threats and investment priorities.
- Develop and maintain a global security framework aligned with ISO 27001, NIST and regulatory standards such as DORA, NIS2 and GDPR.
- Promote security-by-design and privacy-by-design across all products, platforms and technology initiatives.
- Governance, Risk & Compliance
- Oversee the Group's Information Security Management System (ISMS) and ensure continuous compliance with ISO 27001 certification, PCI-DSS, GDPR, DORA and local regulations.
- Lead risk assessments, threat modeling and risk treatment plans, ensuring appropriate mitigation and tracking.
- Manage security policies, standards and procedures, ensuring consistency across all jurisdictions.
- Coordinate with Group Compliance, Risk and Data Protection Officers to align information security with legal and regulatory frameworks.
- Oversee third-party and cloud security assessments to ensure supplier compliance and resilience.
- Security Operations & Resilience
- Supervise SOC operations (internal and managed), ensuring proactive threat detection, vulnerability management and incident response.
- Serve as the executive escalation point during major cyber incidents and ensure effective crisis coordination and communication.
- Maintain and test Business Continuity Plans (BCP), Disaster Recovery Plans (DRP) and Crisis Management frameworks (BIACOOP) across entities.
- Drive continuous improvement in threat intelligence, red teaming and digital forensics capabilities.
- Leadership & Team Management
- Lead and develop the GRC, SOC and Task Force teams, fostering a culture of accountability, innovation and collaboration.
- Attract, develop and retain top talent while ensuring clear roles, performance goals and career progression paths.
- Promote security awareness and training across all levels of the organization to strengthen the security culture.
- Stakeholder & External Engagement
- Represent the Group before regulators, auditors and supervisory authorities on cybersecurity matters.
- Collaborate with IT, Software Engineering, Risk, Fraud, Compliance and Legal teams to integrate security into all key business initiatives.
- Maintain relationships with external partners, intelligence communities and industry peers to anticipate and mitigate threats.
Qualifications:
- Mandatory requirements
- Minimum 8 years of experience in Information Security, including senior leadership roles within the financial or other highly regulated sectors.
- Strong expertise in cybersecurity governance, risk management and compliance frameworks (e.g. ISO 27001, NIST, CIS, PCI-DSS).
- Proven track record in developing and managing complex, multi-jurisdictional security programs.
- Solid technical understanding of cloud security (AWS, Azure, GCP), SIEM/EDR platforms, identity and access management, and secure infrastructure architecture.
- Excellent leadership and communication skills, with the ability to influence and engage at Executive and Board level.
- Fluent command of English, both written and verbal.
- Strong people management capabilities, including coaching, team development and conflict resolution.
- Good understanding of the regulatory environment and Group governance principles applicable to the banking sector.
- Awareness of the digital banking ecosystem, its products and its specific risk characteristics.
- Sound understanding of enterprise risk management frameworks and their interaction with information security governance.
- Desired
- Bachelor's or Master's degree in Computer Science, Information Security or a related field.
- Professional certifications such as CISSP, CISM, CISA, GIAC or ISO 27001 Lead Implementer/Auditor.
- Experience with DevSecOps, cloud-native environments and regulatory engagement (CSSF, FINMA, ECB, etc.).
Additional Information:
SQ3
Remote Work:
No
Employment Type:
Full-time