Business Information Security Officer (BISO) - Switzerland
At FNZ, our purpose is to make wealth management more accessible, bringing easier, fairer and more inclusive solutions to people worldwide. Here in the Global Cyber & Information Security team, we are on a mission to embed cyber resilience across FNZ, protecting the platforms that support investment solutions for over 20 million people.
We are looking for an exceptional Business Information Security Officer to develop and lead a local security team in support of the FNZ Switzerland business strategy, its IT and Data Security setups, its Business Continuity Management and the delivery of a Cyber Resiliency Strategy. You will report to the EMEA Regional Information Security Officer and have significant experience in regulated financial services.
You will have proven technical Information Security subject matter expertise, knowledge of the cybersecurity landscape, knowledge and experience following a variety of industry recognised information security frameworks, experience in interpreting and implementing client and regulatory requirements (including in particular Swiss outsourcing requirements), understanding of security issues related to choices in technologies and tech-debt, coupled with an ability to communicate risk effectively to stakeholders of all levels. You will consult and challenge through a risk lens.
You will have prior experience in a complex and evolving environment in regulated financial services across different regions and jurisdictions.

EXPERIENCE REQUIRED

• Experience of an Information Security function in a regulated industry, law enforcement or the military.
• Good knowledge of the practical implementation of information security and risk frameworks such as ISO27001, NIST 800-53 and COBIT.
• Good knowledge of auditing frameworks such as ISAE3402 and SOC2.
• Experience in an outsourced service model.
• Experienced in managing client and regulator relationships.
• Experienced in developing excellent supply chain management practices.
• Proven ability to manage internal stakeholders through a journey of improving information security maturity.
• Good ability to communicate information security and risk concepts to stakeholders of all levels.
• Professional Information Security qualifications such as CISSP, CISM, CISA, CRISC.
  About FNZ
  FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back.
  We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution.
  We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA).
  Together with our customers, we help over 20 million people from all wealth segments to invest in their future.
  Job ID REQ-11601

• Implement security strategy and tailor group security policies within the business unit based on local regulatory requirements.
• Ensure that security practices are integrated into the business unit’s daily operations.
• Deliver ISO and ISAE certifications in alignment with the client contractual obligations.
• Identify, through assessment, security risks and recommend appropriate mitigation strategies.
• Monitor and report on security risk levels and control effectiveness within the business unit.
• Drive business unit compliance with relevant regulatory and policy requirements.
• Prepare and support the business unit during internal and external audits related to information security.
• Serve as the point of contact for security incidents within the business unit.
• Provide tailored security awareness training to the business unit’s employees.
• Promote the adoption of secure practices within the business unit.
• Act as the liaison between the business unit and the central information security team.
• Report on the business unit’s security posture, challenges, and needs to the CISO and other relevant stakeholders.
• Provide security guidance and support for business unit-specific projects, ensuring that security is considered throughout the project lifecycle.
• Identify opportunities for improving security processes within the business unit.
• Advocate for the business unit’s security needs in discussions with the central security team and the Swiss IT Team, to ensure that Group setups and initiatives are effective for the Swiss entities and their activities.