Governance Risk & Compliance Security Controls Analyst (m/f) - Job based in Switzerland
cGovernance Risk & Compliance Security Controls Analyst (m/f) - Job based in Switzerland
This role supports the programs of ISM (Information Security Management) and Governance Risk & Compliance (GRC) which include risk management, compliance management, assessments, information security controls and awareness. This position is specifically responsible for understanding and promoting compliance with confidentiality/privacy and IT controls, including those relevant to laws, regulations, and industry security standards and frameworks.
What is it about?
- Identify, document, and assess information security vulnerabilities and risks in the information technology environment.
- Evaluate identified vulnerabilities and risks, working with business owners, risk management, IT leaders and subcontractors
- Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete
- Track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to constituents
- Monitor appropriate sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities.
- Monitor appropriate industry sources to maintain awareness of new security tools and techniques and research those tools and techniques that have the potential to improve the organization’s ability to protect its information and infrastructure.
- Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization.
- Maintain expertise in identifying security risks in the hardware, software, and systems used by the organization.
- Participate in appropriate opportunities continuing education, seminars, participation in field-related professional organizations, and so on to remain current on developments in information security profession.
- Ensure that identified risks are managed in accordance with the Risk Management program.
- Report administratively to local management and functionally to Chief Confidentiality Officer
Who are you?
- Bachelor’s degree desired (e.g., Information Security, Information Protection, Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management) or equivalent educational or professional experience and/or qualifications.
- Industry certification preferred (e.g., CISA, CISSP, CRISC, etc.)
- Minimum 3 years of experience with information technology security programs, audits, controls, assessments, risk assessments, or remediation management
- Familiarity with privacy laws, data protection/security regulations, and frameworks, such as COBIT, ISO27002 and ITIL.
- Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.)
- Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of Deloitte and non-Deloitte personnel
- Excellent communication, listening and facilitation skills
- Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles
- Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
- Hands-on experience and a solid understanding of Security Controls
- French speaking is either a must or a strong asset
- FINMA circulars knowledge would be a strong asset as well.
What do we offer?
Join us as in Switzerland and:
- Work alongside recognized experts
- Enjoy and promote diversity in our multicultural teams
- Team up with dynamic and energetic young professionals within a challenging and knowledge-sharing environment
Deloitte is committed to making an impact that matters for our clients, our people and society—aspiring to reach new levels of expertise by constantly challenging ourselves.
What impact will you make?