Head of IT Security Operations & Controls (80-100%)

Manage a team of approx. 4 individuals: hiring, coaching, and creating an environment where people do the best work of their careers.

SoC leadership & incident response: Run day to day SoC operations, elevate detection & response maturity, and lead major incident command calmly under pressure. Ensure investigations are rigorous, evidence based, and drive tactical fixes as well as strategic improvements.

Strategy & modernization: Define and execute the SoC strategy for the next 2-3 years, including pragmatic adoption of cloud and AI assisted threat detection, triage, and automation (SOAR).

Security control operations: Own the operating effectiveness of key controls (e.g., vulnerability management, baseline security, DLP). Ensure continuous control monitoring, coverage metrics, and clear KRIs/KPIs that matter to the business.

Establish, own, and execute the bank's penetration testing, red team, and purple team roadmap -coordinating internal capabilities and external partners to simulate realistic adversary behaviors and ensure continuous improvement of detection, response, and control effectiveness.

Oversee the operational workflow of the security team, including triaging incoming support tickets, security requests, and operational tasks. Ensure efficient dispatching and prioritization of work across the CISO organization and maintain clear service level expectations with internal stakeholders.

Enterprise & engineering integration: Partner closely with Architecture, Engineering, Infrastructure, IT Ops, and Developers to land controls and patterns that scale.

Resilience & recovery: Strengthen incident readiness, tabletop exercises, and post incident "close call" learning to boost resilience and reduce repeat issues.

Stakeholder trust: Engage customers, auditors, and internal leaders; translate risk into clear business context; advocate for secure by default choices.

10+ years in cybersecurity with direct leadership of SoC and Incident Response functions, including people leadership (hiring, coaching, performance).

Demonstrated success running security operations in complex environments (on premise and cloud)

Strong systems thinking; you connect detections, controls, processes, and behaviors into a coherent operating model with measurable outcomes (KRIs/KPIs and OKRs).

Evidence of automation mindset (e.g., SOAR playbooks, detection as code, continuous control monitoring).

Excellent communicator and partner to architecture, engineering, and infrastructure team.

Calm and accountable during incidents.

Resident in Switzerland or willingness to relocate

Experience in a regulated industry (e.g., banking/financial services) and familiarity with audit/alignment frameworks (e.g., ISO 27001, NIST CSF, ISAE, data protection requirements).

Track record introducing AI/ML or analytics to SoC workflows (e.g., assisted triage, enrichment, detection engineering).

Customer facing or regulator engagement experience and security advocacy.

Mission centric, humble leadership that attracts talent and grows careers.

Pragmatic risk management

Comfortable operating in degrees of risk, not absolutes.

Intellectual curiosity and bias for action; you improve processes, not just operate them.

SoC stack: SIEM, SOAR (automation/playbooks), EDR/XDR/NDR, threat intel platforms, sandboxing, case management

Controls operations: Vulnerability scanning/management configuration baseline & hardening, DLP email security, web proxy, endpoint protection, PAM/IAM, secrets management.

Cloud & data: logging, monitoring, and security services, CSPM, SSPM, container security, data security posture management.

Engineering integration: CI/CD hooks for security tests, detection as code, infrastructure as code baselines, policy as code, ticketing & workflow.

Risk & assurance: KRIs/KPIs dashboards, control coverage and effectiveness reporting, continuous control monitoring; support for audits/assessments.