We are partnered with a digital asset bank that is looking to hire a senior information security manager in Zurich to lead and enhance its technology-risk, cybersecurity, and operational resilience programme.
 
Responsibilities include: 
  • Maintain and update the enterprise risk register and Information Security Management System (ISMS) in alignment with DORA and ISO 27001.
  • Oversee the Business Impact Analysis (BIA) and Business Continuity/Disaster Recovery Plan (BCM/DRP), including testing, gap analysis, and reporting.
  • Manage the relationship with the managed SIEM/SOC provider; validate detection rules, incident playbooks, and SLAs; organise purple-team exercises.
  • Conduct pre-deployment security reviews of cloud architecture and CI/CD pipelines, ensuring that controls are embedded and tested.
  • Define and track key risk and performance indicators (KRIs/KPIs) for areas including identity management, data protection, infrastructure resilience, and incident response.
  • Lead the full third-party and outsourcing risk lifecycle, including due diligence, contract negotiation, and ongoing monitoring.
  • Interpret and monitor regulatory updates (e.g., DORA, MiCAR, GDPR) and translate them into actionable control requirements and compliance evidence.
  • Promote a security-conscious culture through training sessions, phishing simulations, and awareness programmes across business and engineering teams. 
Requirements: 
  • Minimum of 7 years in information security, IT risk, or technology audit roles, ideally within a regulated fintech, bank, or SaaS environment.
  • At least 3 years performing structured risk oversight, control testing, or governance responsibilities.
  • Strong working knowledge of DORA, ISO 27001, GDPR, and at least one supervisory framework (e.g., EBA ICT/Security Guidelines, BaFin, FINMA, CSSF).
  • Broad technical understanding across key domains such as access management, data protection, incident governance, vulnerability management, and third-party risk.
  • Comfortable handling crypto-key management and security modules without requiring cryptography expertise.
  • Excellent communication skills with the ability to distill complex technical issues into business-relevant terms; fluent English required, German an advantage.
  • Holds a recognised certification such as CISSP, CISM, CISA, CRISC, CCSP, or ISO 27001 Lead Implementer/Auditor. 
If you are a fit for this role, apply with us today!