Senior Cybersecurity Operations Officer

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 10 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

**Job Description**:
**Your team**

You are part of the Security Operations team within the Chief Information Security office at Avaloq. Your team supports the security systems and processes across APAC to protect our internal and external clients. The team is responsible for administering security systems, develop security standards, manage, and resolve security incidents, provide guidance on security matters, among others. We collaborate with cybersecurity teams and specialists spread out globally across Avaloq and are thoroughly excited by the challenges that come our way.

You can expect a demanding and complex international environment, which is highly stimulating and encouraging. The international growth of the company demands your structured and innovative approach, as well as flexibility to a high degree. As a committed team player, you will support developing the maturity of the security operations, its controls, tools, and processes.

**Your key tasks**
- Assist in preparing for and participating in security audits, including gathering evidence, providing documentation, and addressing auditor inquiries
- Develop and execute vulnerability management plan, including vulnerability scanning, assessment, prioritization, and remediation actions.
- Coordinate and conduct regular penetration testing exercises to identify potential weaknesses and validate the effectiveness of security controls.
- Administration of Privilege Management Solutions and support periodic review of privileges.
- Articulate systems and methodologies as well as reply to security-related events and support in remediation efforts.
- Liaise with other support teams, or product teams as required to resolve requests/issues in a timely manner
- Escalations and Vendor management handling skills
- Be on routine standby to support the security operations tasks.
- Develop and maintain a **security control framework** to ensure that security management systems and policies are effective, providing recommendation and remediation.
- Develop and support emergency procedures and oversee **incident responses** as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as required.
- Support the **development and implementation of security standards, guidelines,** and processes to ensure the ongoing maintenance of logical security.
- Conduct **independent security audits and risk management assessments** to verify and provide an opinion on the security posture.
- Support and maintain the APAC’s **Information Security Management System (ISMS)** to assure continuous compliance with regulations, laws, and contractual obligations by adopting and deploying industry and market standards and accepted best practices.

**Qualifications**:
**What you need**
- Minimum **5 years of experience** in a similar role, i.e., in a combination role of **Cybersecurity Operations, IT operations and Risk Management**.
- Degree in tertiary studies in relevant fields such as Computer Science, Information Security, IT engineering etc., would be an advantage.
- Knowledge of security frameworks (e.g., NIST, ISO 27001) and regulatory standards.
- Excellent communication skills, both written and verbal.
- Familiarity and knowledge in major cloud platforms (e.g., AWS, Azure, GCP) and cloud security controls.

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices.
In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.
We hire, compensate and promote regardless of origin, age, gender