Chief Information Security Officer
Job description
Threema is a company that not only promises security and data protection in its advertising, but also lives up to these promises. This is also reflected in our successful product. However, with our strong growth from a small to a medium-sized company, it has become necessary to formalize many internal processes. We are therefore looking for a dedicated person who can take care of these tasks and who has the necessary experience to do so.
As the future CISO at Threema, you will be responsible for internal IT security. The role reports directly to the CTO. Your responsibilities will include:
- Developing a company-wide security strategy
- Establishing an information security management system (ISMS)
- Developing and enforcing security policies
- Conducting risk assessments and business impact analyses
- Developing incident response and disaster recovery plans
- Supporting certification processes
- Ensuring compliance with data protection regulations in cooperation with our legal counsel
- Raising employee awareness of information security issues
- Continuously analyzing and optimizing information security within the company
- Working closely with the CTO and the operations team
We are looking for someone who takes a practical approach to these issues and has a hands-on mentality. We want to continue to live security, not just regulate it, and prefer technical measures over organizational measures wherever possible.
Requirements
Do you have experience in macOS? Our IT environment is not typical of a classic Swiss SME with Microsoft technologies and many cloud services. Instead, we rely on macOS and Linux, use open-source services where appropriate and possible, and operate most of the services we use on-premises. We are looking for someone who likes to get involved and can also help with the management and implementation of projects.
Ideally, you will have the following:
- A degree in computer science or comparable training
- At least five years of relevant work experience as a CISO or in similar positions
- In-depth knowledge of network security, application security, and data loss prevention
- Experience with common security technologies (firewalls, intrusion detection/prevention, SIEM solutions, endpoint protection, MDM systems, vulnerability scanners, etc.)
- Knowledge of conducting penetration tests and security audits
- Familiarity with common security frameworks and standards (ISO27k, NIST, CIS, SOC 2)
- Experience with open source technologies
- Strong sense of responsibility, precise working style
- Positive mindset with enthusiasm for information security and privacy issues
- Good written and spoken German and English
Benefits & conditions
- A young and motivated team with flat hierarchies and straightforward communication
- Opportunity to work on many different projects and improve and define processes
- Work-life balance: flexible working hours and the option to work from home two days a week
- Option to work from anywhere for two weeks per year
- Opportunity to take unpaid leave
- You can choose your own hardware (macOS or Linux)
- Public transport discount or access to free parking
- A fitness room and a table tennis table
- Internal German or English courses
- A great coffee machine :-)
- Regular events and drinks receptions
- The good feeling of contributing to the effective protection of the privacy of millions of people