Full Time

Information Security Specialist

The Information Security Specialist is responsible for ensuring the safety and security of the organization’s assets. This role specifically involves preparing, achieving, and maintaining ISO 27001 compliance. The Information Security Specialist will work closely with various departments to ensure that all security measures are up-to-date and effective, and that the organization is prepared for and protected against security threats.

 

Main Responsibilities

 

Compliance and Certification:

  • Manage the ISO 27001 certification and, afterwards, ensure the organization complies with ISO 27001 standards, including documentation, risk management, and internal audits.
  • Coordinate with external auditors for ISO 27001 certification and maintain certification through continuous improvement and compliance efforts.
  • Implement and monitor compliance with industry standards and regulations, ensuring the organization meets all information security and reporting requirements.
  • Develop and maintain security policies, procedures, and audit records, updating them as needed to reflect changes in the regulatory environment.
  • Support customers by addressing compliance inquiries.

Information Security:

  • Oversee information security measures, assess the organization’s maturity level, and monitor and report on performance.
  • Conduct regular assessments to identify weaknesses in the organization’s infrastructure.
  • Monitor activity for suspicious behavior and respond to potential threats.
  • Ensure that backup systems are in place and that data recovery procedures are regularly tested.

Training and Awareness:

  • Conduct regular training sessions for employees on information security and compliance.
  • Promote a culture of security awareness throughout the organization, encouraging employees to report potential security issues.
  • Develop and distribute educational materials related to security policies, procedures, and the importance of compliance.

Incident Response and Reporting:

  • Lead the organization’s incident response team, coordinating efforts to contain and mitigate the impact of security breaches.
  • Document and report security incidents in accordance with industry standards and regulations, ensuring timely communication with relevant authorities.
  • Analyze security incidents to determine root causes and implement measures to prevent future occurrences.

Risk Management:

  • Conduct regular risk assessments to identify potential security threats and vulnerabilities.
  • Develop and implement risk mitigation strategies to protect the organization’s assets.
  • Maintain an up-to-date risk register and ensure that risks are managed in accordance with the organization’s risk management framework.

 

 

Professional Experience & Specific Skills

Mandatory

  • Minimum of 3-5 years of experience in a security-related role.
  • In-depth knowledge of ISO 27001 standards and the certification process, as well as familiarity with other industry standards (NIST CSF), regulations (GDPR, NIS2, CRA) and their implications for organizational security.
  • Strong understanding of information security principles.
  • Excellent problem-solving and decision-making skills.
  • Ability to work independently and as part of a team.
  • Strong communication skills, with the ability to convey complex security concepts to non-technical staff.
  • Proficiency in using security management tools and software.

Desirable (nice to have)

  • Willingness to participate in ongoing training and professional development opportunities.

Relevant Qualification/education and training

  • Education: Bachelor’s degree in Security Management, Information Technology, or a related field. Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Auditor are highly desirable.

Language skills

Mandatory (Must)

  • English

 

 

We Offer

 

  • A company culture Focusing on our Customers, Operating with Ethics and Integrity, Driving Simplicity, Learning, Improving & Delivering Together.
  • A multicultural team and modern working environment with state-of-the-art facilities and technologies.
  • Challenging assignments in a fast-growing and innovative industry.
  • Various opportunities for personal and professional development within a global organization.
  • Flexible hours and hybrid working policy.
  • Centrally located office in Zug, very close to the train station.