Head Of Group Information Security H/F Swissquote

As the Director of the Information Security, you will leads the design, implementation, and continuous improvement of the Group's global information security strategy. Conducting digital banking across 10 jurisdictions and operating two banking licenses, the role ensures consistent protection of customer and corporate data, regulatory compliance, and operational resilience for the entire Swissquote Group.

Reporting directly to the Chief Operating Officer, the Head of Information Security oversees all security functions, including Governance, Risk & Compliance (GRC), Security Operations (SOC), and the Cyber Task Force (Security Engineering), ensuring a unified and risk-based approach to cybersecurity.

- Strategic Leadership
- Define and maintain the Group's information security vision, strategy, and roadmap, aligning with business objectives, regulatory obligations, and evolving threat landscapes.
- Act as a trusted advisor to senior management and the Board on cyber risks, emerging threats, and investment priorities.
- Develop and maintain a global security framework aligned with ISO 27001, NIST, and regulatory standards such as DORA, NIS2, and GDPR.
- Promote a security-by-design and privacy-by-design across all products, platforms, and technology initiatives.
- Governance, Risk & Compliance
- Oversee the Group's Information Security Management System (ISMS) and ensure continuous compliance with ISO 27001 certification, PCI-DSS, GDPR, DORA, and local regulations.
- Lead risk assessments, threat modeling, and risk treatment plans, ensuring appropriate mitigation and tracking.
- Manage security policies, standards, and procedures, ensuring consistency across all jurisdictions.
- Coordinate with Group Compliance, Risk, and Data Protection Officers to align information security with legal and regulatory frameworks.
- Oversee third-party and cloud security assessments to ensure supplier compliance and resilience.
- Security Operations & Resilience
- Supervise SOC operations (internal and managed), ensuring proactive threat detection, vulnerability management, and incident response.
- Serve as the executive escalation point during major cyber incidents and ensure effective crisis coordination and communication.
- Maintain and test Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Crisis Management frameworks (BIA,COOP) across entities.
- Drive continuous improvement in threat intelligence, red teaming, and digital forensics capabilities.
- Leadership & Team Management
- Lead and develop the GRC, SOC, and Task Force teams, fostering a culture of accountability, innovation, and collaboration.
- Attract, develop, and retain top talent while ensuring clear roles, performance goals, and career progression paths.
- Promote security awareness and training across all levels of the organization to strengthen the security culture.
- Stakeholder & External Engagement
- Represent the Group in front of regulators, auditors, and supervisory authorities on cybersecurity matters.
- Collaborate with IT, Software Engineering, Risk, Fraud, Compliance and Legal teams to integrate security into all key business initiatives.
- Maintain relationships with external partners, intelligence communities, and industry peers to anticipate and mitigate threats.