Head of Information Security, Basel

In this role, you hold

overall responsibility for information security

across the organization. You continuously develop the information‑security strategy, the

Information Security Management System (ISMS) , and the

internal control system (ICS) . You lead IT risk management, ensure the effective implementation of policies, standards, and processes, and act as the central authority for audits, assurance, and regulatory security topics. You represent the organization with confidence in customer interactions, RfPs, and audits, and report in a stakeholder‑appropriate manner to senior management.

Key Responsibilities Information Security Strategy&Governance

Define information‑security requirements and develop, maintain, and update security strategies, policies, and concepts

Continuously evolve the ISMS in line with business needs and regulatory requirements

Maintain and enhance information‑security governance structures across the organization

Ensure alignment with group‑level security principles and reporting structures

Risk Management&Internal Control System (ICS)

Lead IT and information‑security risk management activities

Develop, operate, and continuously improve the internal control system (ICS) for information security

Carry out security controls within your area of responsibility and derive improvement measures

Define security metrics and provide regular, structured reporting on the organization’s security posture

Audit, Assurance&Compliance

Take full ownership of audit and assurance topics, with a strong focus on ISAE3402

Ensure high quality, completeness, and traceability of evidence management and proof‑of‑compliance activities

Coordinate and support internal and external audits on information‑security topics

Ensure compliance with applicable regulatory frameworks and legal requirements (e.g. FINMA Circular2023/1)

Security Operations&Architecture

Steer security operations and security testing activities

Accompany and advise on security‑related architecture, transformation, and digitalization projects

Support the handling of information‑security incidents and related data‑protection breaches

Ensure pragmatic, risk‑based security solutions that support business continuity

Stakeholder&Vendor Management

Act as the central contact person for customers, RfPs, audits, and security inquiries

Advise the Head of IT and IT teams on the implementation and execution of security processes

Counsel and support responsible parties in fulfilling their information‑security obligations

Own vendor and third‑party security management

Training, Awareness&Group Collaboration

Plan and conduct training sessions to raise information‑security awareness among employees

Support continuous improvement of security culture across the organization

Actively contribute to selected initiatives and projects within the CISO Office of Swiss Life Switzerland

Must‑Have Qualifications

Higher professional education (HF, FH, or university degree), preferably in:

Computer Science

Business Informatics

or a comparable field

Several years of professional experience (minimum 3 years) in:

A comparable information‑security role in a regulated environment, or

Information‑security consulting

In‑depth knowledge of common information‑security standards and frameworks, such as:

ISO2700x series

BSI IT‑Grundschutz

NIST

Strong understanding of applicable regulatory and legal requirements, including FINMA Circular2023/1

Clear, audience‑appropriate communication skills and a high level of personal responsibility

Structured, analytical decision‑making and strong time‑management skills

Pragmatic, solution‑oriented mindset

Excellent German language skills (ideally native speaker) and good English skills

Nice‑to‑Have

Advanced certifications in information security, such as:

CISSP

CISM

CISA

MAS in Information Security or Risk Management

Experience working in complex, group‑wide governance structures

Exposure to financial services or highly regulated industries beyond banking

Personality&Mindset

Highly responsible and reliable with a strong sense of ownership

Structured, analytical, and risk‑aware

Confident communicator across technical, business, and executive audiences

Pragmatic problem solver with a continuous‑improvement mindset

Collaborative and comfortable working across organizational boundaries

What We Offer

A key leadership role with end‑to‑end ownership of information security

High visibility within senior management and group‑level security functions

Influence on strategy, architecture, and regulatory positioning

Opportunities to shape security culture and governance in a regulated environment

Long‑term development opportunities within a stable and reputable organization

#J-18808-Ljbffr