kasko2go AG
kasko2go is currently looking for a qualified and experienced ⚡️Chief Information Security Officer⚡️ to join our team. The ideal candidate will monitor, improve, and control security activities. The CISO coordinates the entire process based on organizational goals, defines an IT security strategy and executes the entire process of security activities.
Responsibilities:
· Development and management of the security strategy
· Coordination and support for the IT security processes (ISO2700x)
· Handling of all data protection topics (e.g. EU GDPR, CH revDSG)
· Handling of security questions from external partners (e.g. clients)
· Identification of risks and measures
· Management of incidents
· Set-up, operation and monitoring of the ISMS, including follow-up on any audit and control issues
· Participate in the development and agreement of project documentation including architecture, business requirements, functional requirements, and technical specifications as part of the product lifecycle.
· Comprehensive cybersecurity of products and related processes, including regulatory compliance, at all stages of development and operation in cloud and on-premises infrastructure
· Identify threats and assess cybersecurity risks to products, related processes, systems and information infrastructure components. Selecting, implementing and monitoring the realisation of protection measures. Development of the product cyber security architecture.
· Developing secure development processes in line with global best practices and frameworks.
· Providing training for development teams on the use of best practices and secure development tools.
· Participate in incident management, remediation, root cause analysis and development of corrective actions.
· Management reporting
· Stakeholder engagement
· Organisation of security training for employees
· Organisation of penetration tests
· Verification of compliance status of service providers
· Organisation of annual review of IT security status (strengths, gaps and recommendations)
Competencies, Qualifications or Requirements:
— 7+ years of experience in similar positions.
— Understanding of modern web applications, microservice architecture (Google Cloud Platform), containerised applications, CI/CD and secure development processes (SSDLC).
— Knowledge of secure software development standards and methodologies, best practices and frameworks.
— Knowledge of authentication and authorisation system principles
— Experience in developing threat models
— Knowledge of and experience in applying international cybersecurity standards
— Experience and knowledge of implementing complex web application cybersecurity projects.
— Knowledge and experience in architecture development and application software design in terms of integration with information security tools and fulfilment of security functions.
— Experience in developing and implementing cyber security awareness programmes and embedding SSDLC practices into development teams.
— Infrastructure security experience
— Experience working with distributed teams.
— Strong communication and teamwork skills.
— Fluency in English.