Information Security Engineer
The Job’s mission
The Information Security Engineer contributes to IMD’s Information Security strategy and its implementation. He/she is a key point of contact for Information Security, acting as a subject matter expert (SME) and advisor to the organization. In addition, he/she will ensure that IMD’s Information Security (ISMS) processes, policies and procedures are aligned to the relevant regulatory standards as well as client expectations and requirements. Finally, the Information Security Engineer ensures robust application security and reliable operation of IMD’s technical (network) infrastructure.
At a high level he/she is expected to:
- Support the development of an enterprise-wide security program to drive the continuous improvement of IMD’s security posture
- Oversee security incident response and participate in the investigation of security breaches
- Execute the vulnerability management process, vulnerability remediation and patch management oversight
- Determine security requirements and countermeasures used to protect network, applications, services and solutions, and take preventive measures to improve business resilience
- Support the staff on security topics and contribute to security training material
- Communicate continuously on « Current Posture » vs « Current Threats », and on improvement initiatives progress or challenges
Key activities & accountabilities
- Contribute to the implementation and maintenance of the Information Security Management System based on ISO/IEC 27001, including both managerial and technical controls, so as to achieve and maintain certification against ISO/IEC 27001:2013
- Foster the development of an enterprise-wide cyber risk management culture and support information security risk assessments and controls selection activities including for elements such as client data and intellectual property protection
- Perform gap analysis against information security targets and create compliance reports against cybersecurity best practices, client vendor security programs and other requirements and regulations
- Contribute to the implementation of information security policies and other relevant information security related documentation and procedures
- Perform testing of internal controls specified in Information Security Policies and perform internal reviews to assess the effectiveness of current information security controls
- Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting
- Review data flows, prepare their mappings and ensure adequate data protection
- Monitor security vulnerabilities and threats of attacks against our digital assets both on premise and in the cloud
- Implement an effective incident response process for the reporting of security incidents, oversight of investigation and prompt resolution and containment of discovered and reported security breaches
- Manage third party security assessment program to minimize risk associated with business partners and vendors
- Review and complete customer security and privacy questionnaires as well as data privacy, data security and data protection agreements
- Review and participate in the negotiation of contracts, including service agreements, IP and data licensing agreements, NDAs and vendor agreements, to address data protection and security matters
- Information technology or information security master’s degree
- Active industry security certification(s) such as CISSP (minimum), CISM and CISA (desirable)
- Practical experience working with Microsoft and Azure Security services such as ATP Defender, Privileged Identity Management, MCAS, Sentinel, etc.
- Minimum of 7 years’ experience in an IT role within an international, multi-cultural business environment with a minimum of 3 years focusing on information security
- Experience with drafting of standard, reference architecture, policies, procedures and implementation guidelines
- Experience working with a Security Operations Center, especially strong incident handling experience, including knowledge of common probing and attack methods, network/service discovery, system auditing/testing, and malware
- In-depth knowledge of the cybersecurity ecosystem with a profound understanding of its forces and trends, and how emerging technologies will impact them
- Experience and success in delivering client engagements on-time and within budget
- Experience in governance of IT, software development lifecycle and infrastructure management.
- Cloud technology and architecture experience would be a plus (specifically Salesforce, Office365, OneLogin)
- DevOps, SecDevOps and Agile methodologies experience would be a plus.
- Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
- A passion for technology and security safeguarding with a desire to deliver
- Strong customer focus
- Ability to plan and manage at both strategic and operational levels
- Proven evidence of successfully working in a matrix organization and demonstrated leadership skills including management-by-influence
- Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders.
The Institute for Management Development (IMD) is an independent academic institution with Swiss roots and global reach, founded almost 75 years ago by business leaders for business leaders. Since its creation, IMD has been a pioneering force in developing leaders who transform organizations and contribute to society.
Based in Lausanne (Switzerland) and Singapore, IMD has been ranked in the Top 3 of the annual FT’s Executive Education Global Ranking for the last nine consecutive years and in the top five for 17 consecutive years. Our MBA and EMBA programs have repeatedly been singled out among the best in Europe and the world.
We believe that this consistency at the forefront of our industry is grounded in IMD’s unique approach to creating “Real Learning. Real Impact”. Led by an expert and diverse faculty, we strive to be the trusted learning partner of choice for ambitious individuals and organizations worldwide. Challenging what is and inspiring what could be.
How to apply
If you have the above skills and would like to work in our stimulating environment, please send your complete application file (letter of motivation and resume in English, copies of your work certificates and diplomas) to [email protected].
A valid Swiss work permit or Swiss or EU-25/EFTA citizenship is required for this position.