Security Governance Risk Compliance Officer
Posted on May 13, 2025
Lugano
Italian
Posted on May 13, 2025
About this role
For a first class company we are looking for a Security GRC officer :
Requirements/Skills
he SGRC Officer is part of the team which has responsibility for the delivery of the governance, risk management and compliance elements of the information security strategy through helping to create information security policies, managing information security risk, providing training and reviewing information
Typical Duties and Responsibilities
Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
The Security GRC Officer will be responsible for developing, implementing, and maintaining security governance, risk management, and compliance strategies to protect the bank's information assets. This role requires expertise in regulatory frameworks, risk assessments, and policy enforcement to ensure compliance with industry standards and cybersecurity best practices.
Key Responsibilities:
Governance:
Develop and maintain security policies, standards, and frameworks in line with industry best practices (e.g., ISO 27001, NIST, PCI-DSS).
Ensure alignment of security governance with regulatory and business objectives.
Work closely with internal and external auditors to support compliance audits and assessments.
Risk Management:
Identify, assess, and mitigate security risks across IT and business functions.
Conduct risk assessments and implement control measures to protect critical assets.
Develop and maintain the bank's risk register, ensuring timely reporting and risk mitigation.
Collaborate with stakeholders to improve the bank's security risk posture.
Compliance:
Ensure compliance with local and international banking regulations (e.g., GDPR, PSD2, SWIFT CSP).
Monitor changes in security regulations and implement necessary policy updates.
Conduct security awareness programs and training for employees.
Manage security incidents, investigations, and reporting in line with regulatory requirements.
Work Environment:
Typically office-based, with options for remote work (homeworking)
May require on-call availability for incident response.
Requirements
Qualifications & Experience:
Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field.
Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor/Implementer are highly preferred.
Strong knowledge of regulatory requirements, risk frameworks, and control methodologies.
Experience with third-party/vendor risk assessments and audit processes.
Excellent analytical, communication, and problem-solving skills.
Languages : Italian, English (German is a plus).
Salary range : 85.000/100.000 chf
Want more jobs like this?Get IT & technology jobs in Lugano delivered straight to your inbox.By signing up, you agree that we may process your information in accordance with our privacy policy.
More jobs from this employer