Information Security and Data Protection Expert

Information Security and Data Protection Expert

Job description (mission and activity)

Expert will strengthen the Information Systems Security team in its main activities, in particular to:
* defining security policy and guidelines and ensuring their application within the institution's processes and tools;
* participate as an expert in information system (IS) security projects and carry out security requirements in other development projects;
* carry out operational monitoring of issues related to the security of the IS;
* Raise awareness among users of information security issues, risky practices and recommended good behaviours;
* participate in the preparation and testing of the IT department's continuity plans;
* keep the IS security reference system up to date (processes, risk mapping, etc.).
* The information system, which consists in particular of web applications designed and developed in-house, is set to undergo in-depth changes in the short to medium term due to the launch of the programme to digitise the Geneva judicial file and the intercantonal cyberjustice project (Justitia 4.0)

Important information

* Start day: approx. May 5, 2025
* Duration: up to 5 years
* Location: Geneva

Training Requirements

* University degree in information systems (master's level, EPFL) or HES or training deemed equivalent;
* Specialization in information security attested by a diploma (CAS in IS security or equivalent) or an advanced certification recognized in the field.

Mandatory skills

* Minimum 5 years' experience in the field;
* Practice of risk analysis in IS evolution projects or on existing components (identification of threats and vulnerabilities, formalization of risk scenarios, risk treatment and remediation plans, etc.), using normative frameworks (ISO-27005 or equivalent) and standard methods (EBios RM, etc.);
* Ability to work closely with IT teams, including understanding and discussing technical issues (related to application components or technical issues), issues related to the operation of systems and user assistance, continuity plans and risks for the IT department, etc.;
* Perfect command of the French language (oral and written);
* Very good writing skills, experience in drafting various types of documents: security policies and guidelines, information security awareness materials, management briefing notes, etc.;
* Fluency in public speaking, in facilitating presentation and/or training sessions, and in dialogue with users, including conducting working sessions and workshops;
* Mastery of office automation tools.

Sthree Switzerland is acting as an Employment Business in relation to this vacancy.