Callum leads the Finance & Risk functions for Broadgate, partnering with FINMA-regulated organisations across Switzerland. He is focused on supporting Banks, Asset & Wealth Managers, Insurance Companies and FinTechs in building high-performing teams and providing advice and insight into the market. With over 5 years of experience in this field, Callum has extensive experience working closely with Financial Services organisations across Europe.
JOBS FROM CALLUM
Zürich, Switzerland
Senior Information Security Manager
Permanent
We are partnered with a digital asset bank looking to hire a senior information security manager in Zurich, to lead and enhance our technology-risk, cybersecurity, and operational resilience programme.

Responsibilities include:
- Maintain and update the enterprise risk register and Information Security Management System (ISMS) in alignment with DORA and ISO 27001.
- Oversee the Business Impact Analysis (BIA) and Business Continuity/Disaster Recovery Plan (BCM/DRP), including testing, gap analysis, and reporting.
- Manage the relationship with the managed SIEM/SOC provider; validate detection rules, incident playbooks, and SLAs; organise purple-team exercises.
- Conduct pre-deployment security reviews of cloud architecture and CI/CD pipelines, ensuring embedded and tested controls.
- Define and track key risk and performance indicators (KRIs/KPIs) for areas including identity management, data protection, infrastructure resilience, and incident response.
- Lead the full third-party and outsourcing risk lifecycle, including due diligence, contract negotiation, and ongoing monitoring.
- Interpret and monitor regulatory updates (e.g., DORA, MiCAR, GDPR) and translate them into actionable control requirements and compliance evidence.
- Promote a security-conscious culture through training sessions, phishing simulations, and awareness programmes across business and engineering teams.

Requirements:
- Minimum of 7 years in information security, IT risk, or technology audit roles, ideally within a regulated fintech, bank, or SaaS environment.
- At least 3 years performing structured risk oversight, control testing, or governance responsibilities.
- Strong working knowledge of DORA, ISO 27001, GDPR, and at least one supervisory framework (e.g., EBA ICT/Security Guidelines, BaFin, FINMA, CSSF).
- Broad technical understanding across key domains such as access management, data protection, incident governance, vulnerability management, and third-party risk.
- Comfortable handling crypto-key management and security modules without requiring cryptography expertise.
- Excellent communication skills with the ability to distill complex technical issues into business-relevant terms; fluent English required, German an advantage.
- Holds a recognised certification such as CISSP, CISM, CISA, CRISC, CCSP, or ISO 27001 Lead Implementer/Auditor.

If this role is something you are a fit for, apply with us today!
Posted 25 days ago
INSIGHTS FROM CALLUM
London
Whitepaper Request: Redefining Risk: AI-Driven Innovation for Retail Banking Leaders
about 1 month ago
Zurich, London, Boston, Berlin, Blog, Dublin
Download Broadgate's 2025 Market Guide and Salary Survey
about 2 months ago