Head of Cyber Security

Mission:

Drive the bank's cybersecurity strategy and risk management efforts to protect information assets, ensure compliance and support business objectives.

Main responsibilities:

Cyber Risk Management

• Identify, assess, and prioritize cyber risks to critical banking systems, customer data, and business continuity.
• Develop and maintain a comprehensive risk management framework, including periodic cyber risk assessments, penetration tests, and audits.
• Advise senior management and the Board on cybersecurity risks, mitigation strategies, and emerging threat landscapes.

Operational Management

• Oversee the implementation, operation, and continuous improvement of cybersecurity technologies, including firewalls, intrusion detection systems, SIEM/SOAR platforms, endpoint protection, and network segmentation.
• Provide strategic oversight and collaborate with the Access Management team to ensure robust identity governance, privileged access controls.
• Support the development of the Security Operation Team to ensure effective detection, response and recovery capabilities aligned with the bank's risk appetite.
• Support the development of the bank's incident response plans and investigations, ensuring lessons learned feed back into process and system improvements.
• Collaborate closely with IT and architecture teams to ensure secure design, implementation, and monitoring of systems, applications, and cloud environments.

Strategic and Cybersecurity Vision

• Develop and implement a bank-wide cybersecurity strategy aligned with business objectives and evolving threat landscapes.
• Define and drive security architecture standards and roadmaps, ensuring integration of access control, authentication, encryption, and monitoring capabilities.
• Establish short- and long-term cybersecurity goals, budgets, maturity roadmaps, and KPIs.
• Stay ahead of emerging cyber threats, technologies, industry trends, and regulatory changes to maintain and continuously improve the bank’s security posture.

Compliance and Governance

• Ensure compliance with regulatory requirements (e.g., FINMA, GDPR) and alignment with industry standards (e.g., ISO 27001, NIST, SWIFT CSP) across all bank entities.
• Lead audits, certifications (e.g., ISO 27001, SOC 2), and regulatory inspections related to cybersecurity, access management, and data protection.
• Continuously review and update cybersecurity policies, access management frameworks, and operational protocols to reflect best practices and legal obligations.

Team Leadership

• Build and lead a high-performing cybersecurity team, including recruitment, training, upskilling, and mentorship, with expertise across SOC operations, security engineering, access management, and incident response.
• Foster collaboration across IT, Risk, Legal, Compliance, and Business Units to embed a culture of security awareness, ownership, and accountability.

Vendor and Third-Party Management

• Evaluate, select, and manage relationships with third-party vendors providing cybersecurity products, SOC services, or consultancy support.
• Ensure security requirements, including access controls, monitoring, and data protection, are embedded in vendor selection, contracts, and ongoing management.

Personal skills:

• Communication Skills: Ability to explain complex technical risks and security measures clearly to non-technical executives and stakeholders.
• Decision-Making: Capacity to make timely, risk-informed decisions, even under pressure or in crisis situations.
• Collaboration: Strong ability to foster cross-functional cooperation (with IT, Risk, Compliance, Business Units, etc.).
• Adaptability and Resilience: Comfort with change, ability to adapt quickly to new threats, regulatory shifts, or organizational changes.