Information Security & Risk Analyst
- Full-time
Company Description
By joining Swissquote, you will become a member of the sector's leading company. You will be encouraged to develop your skills and to grow within teams of highly qualified specialists. We encourage personal development and actively support creative teamwork, leadership and responsibility.
Job Description
Governance
- Develop, maintain and publish up-to-date (Company) information security policies to accommodate business and regulatory evolution
- Oversee IT compliance: LPD, GDPR, FINMA regulation, etc.
- Regular reporting on the security situation and effectiveness of implemented measures towards the CRO, Executive Management and Risk Committee
Controls
- Establish relevant operational and administrative controls
- Operate and optimize controls
- Report thereon
Awareness program
- Participate in definition of objectives
- Evaluate training
- Monitor implementation with HR support
Audits
- Support internal and external audit process
Pentest
- Organize pentests
- Coordinate remediation plans
Risk management
- Maintain IT Risk register
- Perform security risk assessments of new business projects and support the business team in applying mitigation measures
- Support in answering security-related queries from our clients and partners
Security Operations
- Operate DLP, SIEM, EDR and other detection and response tools
- Exception management
  - Supervise process
  - Document
Business Continuity
- Continuous improvement of Framework
- Monitoring of tests
- Coordination with WL/Partners
Incident Management
- Coordination with Operation in case of cyber or BCP incident
- Forensics of cyber incidents
Qualifications
Minimum Qualifications
- Bachelor and/or Master in Computer Science or similar
- Very strong analysis skills
- Fluent in French and excellent English communication skills, oral and written
- Knowledge of risk and audit frameworks (NIST, COBIT, ...)
- Minimum 3-5 years' experience
- Basic knowledge of scripting (Python, Bash) and programming (Java, C)
Nice to have
- ISO27001 certification
- CISSP(2)
- CISA
- AWS / Azure security knowledge
Additional Information
SQ2