Head of IT Security Operations & Controls (80-100%)

Lombard Odier Group
Geneva, Switzerland
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Geneva, Switzerland

Tech stack

Artificial Intelligence
Proxy Servers
Software System Penetration Testing
Cloud Computing
Computer Security
Continuous Integration
Data Security
Digital Assets
Identity and Access Management
Intrusion Detection and Prevention
Red Team (Cyber Security)
Security Information and Event Management
Software Vulnerability Management
Data Logging
Purple Team (Cyber Security)
Vulnerability Analysis

Job description

Reporting to our Chief Information Security Officer, you will lead the bank's Operational Security function - owning our SoC (analysts and engineering), incident response, and the effectiveness of our frontline security controls. Your mission is to maximize the safe use of our digital assets, protect customers' information, and keep the business fast, compliant, and resilient.

  • Manage a team of approx. 4 individuals: hiring, coaching, and creating an environment where people do the best work of their careers.
  • SoC leadership & incident response: Run day-to-day SoC operations, elevate detection & response maturity, and lead major incident command calmly under pressure. Ensure investigations are rigorous, evidence-based, and drive tactical fixes as well as strategic improvements.
  • Strategy & modernization: Define and execute the SoC strategy for the next 2-3 years, including pragmatic adoption of cloud and AI-assisted threat detection, triage, and automation (SOAR).
  • Security control operations: Own the operating effectiveness of key controls (e.g., vulnerability management, baseline security, DLP). Ensure continuous control monitoring, coverage metrics, and clear KRIs/KPIs that matter to the business.
  • Establish, own, and execute the bank's penetration testing, red team, and purple team roadmap - coordinating internal capabilities and external partners to simulate realistic adversary behaviors and ensure continuous improvement of detection, response, and control effectiveness.
  • Oversee the operational workflow of the security team, including triaging incoming support tickets, security requests, and operational tasks. Ensure efficient dispatching and prioritization of work across the CISO organization and maintain clear service-level expectations with internal stakeholders.
  • Enterprise & engineering integration: Partner closely with Architecture, Engineering, Infrastructure, IT Ops, and Developers to land controls and patterns that scale.
  • Resilience & recovery: Strengthen incident readiness, tabletop exercises, and post-incident "close-call" learning to boost resilience and reduce repeat issues.
  • Stakeholder trust: Engage customers, auditors, and internal leaders; translate risk into clear business context; advocate for secure-by-default choices.

You don't need all of these on day one - but you should be fluent in the landscape and know how to choose and operate the right tools at the right depth.

  • SoC stack: SIEM, SOAR (automation/playbooks), EDR/XDR/NDR, threat intel platforms, sandboxing, case management.
  • Controls operations: Vulnerability scanning/management, configuration baseline & hardening, DLP, email security, web proxy, endpoint protection, PAM/IAM, secrets management.
  • Cloud & data: logging, monitoring, and security services, CSPM, SSPM, container security, data security posture management.
  • Engineering integration: CI/CD hooks for security tests, detection-as-code, infrastructure-as-code baselines, policy-as-code, ticketing & workflow.
  • Risk & assurance: KRIs/KPIs dashboards, control coverage and effectiveness reporting, continuous control monitoring; support for audits/assessments.

Our Maison's DNA is defined by five core values. Excellence drives us to be the best at what we do, while Innovation fuels our progress. Respect underpins every interaction, and Integrity shapes our actions. Together, we are One Team, united in serving our clients with unwavering dedication.

As a responsible and supportive employer, we promote a diverse and inclusive work environment for our employees and candidates. Diversity, Equity and Inclusion are woven into the fabric of our Maison's DNA, and we strive to ensure that our employees can fulfill both their personal and professional aspirations by encouraging internal mobility and individual upskilling programs. We firmly believe that building Diverse Teams contributes to our successes, and to deliver on this, we actively embed Diversity, Equity and Inclusion in our business strategy.

Requirements

  • 10+ years in cybersecurity with direct leadership of SoC and Incident Response functions, including people leadership (hiring, coaching, performance).
  • Demonstrated success running security operations in complex environments (on-premise and cloud).
  • Strong systems thinking; you connect detections, controls, processes, and behaviors into a coherent operating model with measurable outcomes (KRIs/KPIs and OKRs).
  • Evidence of automation mindset (e.g., SOAR playbooks, detection-as-code, continuous control monitoring).
  • Excellent communicator and partner to architecture, engineering, and infrastructure teams.
  • Calm and accountable during incidents.
  • Resident in Switzerland or willingness to relocate.

Nice-to-haves:

  • Experience in a regulated industry (e.g., banking/financial services) and familiarity with audit/alignment frameworks (e.g., ISO 27001, NIST CSF, ISAE, data protection requirements).
  • Track record introducing AI/ML or analytics to SoC workflows (e.g., assisted triage, enrichment, detection engineering).
  • Customer-facing or regulator engagement experience and security advocacy.

About the company

A career at Lombard Odier means working for a renowned global wealth and asset manager, with a strong focus on sustainable investing. An innovative bank of choice for private and institutional clients, our independently owned Firm is one of the best-capitalised banking groups in the world, managing close to CHF 300 billion and operating from over 25 offices across 4 continents. With a history spanning over 225 years, Lombard Odier is an investment house providing a comprehensive offering of discretionary and advisory portfolio management, wealth services and custody. We also offer asset management services and investment strategies through Lombard Odier Investment Managers and provide advanced banking technology to other financial institutions.

"Rethink Everything" is our philosophy - it is at the heart of everything we do. We have grown stronger through more than 40 financial crises by rethinking the world around us to provide a fresh investment perspective for our clients.

The CISO organization protects Lombard Odier and our Clients against the risk of data theft and business disruption due to cyber-attacks or malicious insiders. The team is composed of approx. 15 talented team members that cover all aspects of security for the Group.
