Head of Group Information Security

Company DescriptionBuilding the bank of tomorrow takes more than skills.It means combining our differences to imagine, discuss, code, develop, test, learn… and celebrate every step together. Share our vibes? Join Swissquote to unleash your potential.We are the Swiss Leader in Online Banking and we provide trading, investing and banking services to +650’000 clients, through our performant and secured digital platforms.Our +1200 employees work in a flexible way, without dress code and in multicultural teams.By having a huge impact on the industry, they are growing their skills portfolio and boosting their career in a fast-pace environment. Have a look behind the scenes by checking Humans of Swissquote on Instagram.We are all in at Swissquote. As an equal opportunity employer, we welcome candidates from all backgrounds, experiences and perspectives to join our team and contribute to our shared success.Are you all in? Don’t be shy, apply!Job DescriptionAs the Director of the Information Security, you will leads the design, implementation, and continuous improvement of the Group’s global information security strategy. Conducting digital banking across 10 jurisdictions and operating two banking licenses, the role ensures consistent protection of customer and corporate data, regulatory compliance, and operational resilience for the entire Swissquote Group.Reporting directly to the Chief Operating Officer, the Head of Information Security oversees all security functions, including Governance, Risk & Compliance (GRC), Security Operations (SOC), and the Cyber Task Force (Security Engineering), ensuring a unified and risk-based approach to cybersecurity.Strategic LeadershipDefine and maintain the Group’s information security vision, strategy, and roadmap, aligning with business objectives, regulatory obligations, and evolving threat landscapes.Act as a trusted advisor to senior management and the Board on cyber risks, emerging threats, and investment priorities.Develop and maintain a global security framework aligned with ISO 27001, NIST, and regulatory standards such as DORA, NIS2, and GDPR.Promote a security-by-design and privacy-by-design across all products, platforms, and technology initiatives.Governance, Risk & ComplianceOversee the Group’s Information Security Management System (ISMS) and ensure continuous compliance with ISO 27001 certification, PCI-DSS, GDPR, DORA, and local regulations.Lead risk assessments, threat modeling, and risk treatment plans, ensuring appropriate mitigation and tracking.Manage security policies, standards, and procedures, ensuring consistency across all jurisdictions.Coordinate with Group Compliance, Risk, and Data Protection Officers to align information security with legal and regulatory frameworks.Oversee third-party and cloud security assessments to ensure supplier compliance and resilience.Security Operations & ResilienceSupervise SOC operations (internal and managed), ensuring proactive threat detection, vulnerability management, and incident response.Serve as the executive escalation point during major cyber incidents and ensure effective crisis coordination and communication.Maintain and test Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Crisis Management frameworks (BIA,COOP) across entities.Drive continuous improvement in threat intelligence, red teaming, and digital forensics capabilities.Leadership & Team ManagementLead and develop the GRC, SOC, and Task Force teams, fostering a culture of accountability, innovation, and collaboration.Attract, develop, and retain top talent while ensuring clear roles, performance goals, and career progression paths.Promote security awareness and training across all levels of the organization to strengthen the security culture.Stakeholder & External EngagementRepresent the Group in front of regulators, auditors, and supervisory authorities on cybersecurity matters.Collaborate with IT, Software Engineering, Risk, Fraud, Compliance and Legal teams to integrate security into all key business initiatives.Maintain relationships with external partners, intelligence communities, and industry peers to anticipate and mitigate threats.QualificationsMandatory requirementsMinimum 8 years of experience in Information Security, including senior leadership roles within the financial or other highly regulated sectors.Strong expertise in cybersecurity governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, CIS, PCI-DSS).Proven track record in developing and managing complex, multi-jurisdictional security programs.Solid technical understanding of cloud security (AWS, Azure, GCP), SIEM/EDR platforms, identity and access management, and secure infrastructure architecture.Excellent leadership and communication skills, with the ability to influence and engage at Executive and Board level.Fluent command of English, both written and verbal.Strong people management capabilities, including coaching, team development, and conflict resolution.Good understanding of the regulatory environment and Group governance principles applicable to the banking sector.Awareness of the digital banking ecosystem, its products, and specific risk characteristics.Sound understanding of enterprise risk management frameworks and their interaction with information security governance.DesiredBachelor’s or Master’s degree in Computer Science, Information Security, or a related field.Professional certifications such as CISSP, CISM, CISA, GIAC, or ISO 27001 Lead Implementer/Auditor.Experience with DevSecOps, cloud-native environments, and regulatory engagement (CSSF, FINMA, ECB, etc.).Additional InformationSQ3