Information Security Officer

• Contact point for general questions about information security
• Competent sparring partner for internal stakeholders
• Review and feedback on security documents
• Expert advice to the line organization on requirements and best practices of information security
• Analysis of current threats and participation in the definition, prioritization, and implementation of effective protective measures
• Planning, execution, and evaluation of information security assessments and reviews – including collaboration with IT teams and external partners
• Support and active monitoring of the line organization in the implementation of measures within the risk treatment plan
• Support for the line organization in effectiveness testing of implemented measures
• Support and collaboration in central security topics such as security operations, cyber risk management, threat and risk analyses, etc.
• Reporting including preparation of documentation for management
• Creation and execution of awareness training

• Education in information security or computer science (Bachelor, Master, CAS/MAS)
• Professional experience in information security (2-3 years in case of a Master’s, 4-5 years in case of a Bachelor’s) and preferably operational experience in IT (e.g., application development, IT operations)
• Certification in the field of information security, for example as Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), or Certified Information Security Manager (CISM) is an advantage
• Knowledge and experience in operational and technical topics of information security, including good knowledge of relevant information security standards (ISO 2700x, NIST SP 800-171, Federal Basic Protection, BSI Basic Protection, etc.)
• Analytical thinking with the ability to recognize connections and draw the right conclusions
• Self-organized, customer- and solution-oriented
• Team player who accepts challenges, coordinates them, and accompanies them to completion
• Excellent communication and interpersonal skills for effective collaboration in cross-functional teams
• Resilient personality with independent working style and confident appearance
• Very good German skills in spoken and written form as well as subject-specific English skills, also in spoken and written form

"Nerd" is not an insult but a status symbol? You understand more about computers and networks than Bill Gates? Then we want you on our team. In RUAG's IT, you have the opportunity to cover the entire ICT landscape from development to maintenance and contribute your expertise to Switzerland's security.

• Education in information security or computer science (Bachelor, Master, CAS/MAS)
• Professional experience in information security (2-3 years in case of a Master’s, 4-5 years in case of a Bachelor’s) and preferably operational experience in IT (e.g., application development, IT operations)
• Certification in the field of information security, for example as Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), or Certified Information Security Manager (CISM) is an advantage
• Knowledge and experience in operational and technical topics of information security, including good knowledge of relevant information security standards (ISO 2700x, NIST SP 800-171, Federal Basic Protection, BSI Basic Protection, etc.)
• Analytical thinking with the ability to recognize connections and draw the right conclusions
• Self-organized, customer- and solution-oriented
• Team player who accepts challenges, coordinates them, and accompanies them to completion
• Excellent communication and interpersonal skills for effective collaboration in cross-functional teams
• Resilient personality with independent working style and confident appearance
• Very good German skills in spoken and written form as well as subject-specific English skills, also in spoken and written form

• Contact point for general questions about information security
• Competent sparring partner for internal stakeholders
• Review and feedback on security documents
• Expert advice to the line organization on requirements and best practices of information security
• Analysis of current threats and participation in the definition, prioritization, and implementation of effective protective measures
• Planning, execution, and evaluation of information security assessments and reviews – including collaboration with IT teams and external partners
• Support and active monitoring of the line organization in the implementation of measures within the risk treatment plan
• Support for the line organization in effectiveness testing of implemented measures
• Support and collaboration in central security topics such as security operations, cyber risk management, threat and risk analyses, etc.
• Reporting including preparation of documentation for management
• Creation and execution of awareness training