\\n You will be joining an established information security and risk management team that is accountable for the global design and implementation of the company\\\'s security strategy and program. Because the client is a privately owned business, they have a long-term vision and strategy. This enables them to have a security program which is stable and truly focused on delivering business value for security.

About our client

Our client is one of the leading Swiss companies in the health and life sciences industry in Switzerland. This is a permanent role ideally starting as soon as possible based in Kanton Zurich.

Your role

- Improve and run the security vulnerability management (VM) service for IT and OT assets, as well as in systems hosted in public and private clouds.
- Work with a \"service mindset\" with an effective and positive collaboration with IT platform owners and other IT colleagues, and with third party security service providers.
- Design and improve processes to detect, analyse, correlate, and remediate vulnerabilities and threats, leveraging these VM technologies: Ivanti Neurons for Risk Based Vulnerability Management, Ivanti EPM patch management, Qualys, and Claroty.
- Design and improve processes to perform and manage technical security testing such as penetration tests of our infrastructure and business systems, and application secure code testing with different methods e.g., SAST, DAST, IAST, and RASP.
- Take accountability for the entire lifecycle of all identified security vulnerabilities, working through others and partnering with remediation teams with a \"hands-on\" approach, as opposed to only providing high level remediation guidance.
- Serve as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks posed by vulnerabilities, identifying alternative risk mitigation actions for such risks.
- Develops management-level communications, including continuous report of business centric security metrics for the VM service.
- Advise, train and coach IT colleagues, and other technical teams e.g., platform owners, production automation teams, to help to deliver vulnerability remediation across all sites.
- Proactively support ISRM colleagues on the design of security education training awareness program (SETA), with lessons learned and root causes identified in the VM service delivery.

Your background

- University Degree in Information Security, IT or equivalent
- Desirable: Relevant security certifications such as from ISC2, ISACA, CREST CCTIM or CCIM, SANS and Vendor Certifications.
- 8+ years of professional work experience in IT with relevant roles such as systems developer, network engineering and operations, or security engineering.
- 3+ years of experience in vulnerability management, preferably in organizations which have manufacturing business operations.
- Working knowledge of vulnerability solutions: Qualys, Claroty or similar used in OT networks.
- A robust understanding of VM security theory and application including: Vulnerability lifecycle and rating i.e. CVSS-SIG/CVE-Mitre; OWASP / Top 10; and Application security testing methods such as SAST, DAST, IAST, and RASP.
- Experience running penetration testing with third party party service providers from contracting through remediation of findings.
- Applied knowledge of: exploitation of vulnerabilities, attack patterns, threat actors TTP\\\'s (Techniques, Tactics & Procedures), use of the Mitre ATT&CK and other threat modelling frameworks.
- Desirable: You have knowledge of GXP, CSV and pharmaceutical industry related regulations.
- Desirable: Experience in vulnerability management for Operations Technologies (OT) infrastructure and systems.
- Must be able to define project/program goals and roadmaps based on business / service customer needs and strategic direction and ensure that committed projects are delivered on schedule by the relevant team members.
- You are confident and able to communicate why through the work you deliver you are a business enabler.
- You have strong verbal and written communication skills in English and beneficial German.
- You are resilient, self-reliant/self-motivated, proactive with high degree of accountability and you have excellent operating skills in a dynamic team environment.
- You are a strong communicator: presentation and training, relationship management, consultation, negotiation.
- You have a high level of personal integrity, ability to professionally handle confidential matters and convince by appropriate level of judgment and maturity.
- You can work in a matrix and geographically dispersed organization.
- If needed you could travel, around 30% of your working time in Europe.

What\\\'s on offer

- Work for an established Swiss company
- International, multi-cultural working environment
- Canteen and parking spaces on site
- Friendly colleagues

If you are a highly motivated and ambitious candidate we look forward to receiving your application.
By applying for this position, I consent to the Swisslinx Group of companies:
- storing my personal information (including name, contact details, Identification and CV information etc.) on their internal or external servers for the purpose of informing me of potential employment opportunities
- using my personal information or
- supplying it to third parties upon express consent for the purpose of informing me of potential job opportunities
- transferring where applicable my personal information to a country outside the EEA/EFTA

I also hereby agree to the Swisslinx privacy policy (http://www.swisslinx.com/en/legal/privacy-policy) and Terms of Use (http://www.swisslinx.com/en/legal/disclaimer)\\n \\n \\n \\n \\n \\n

\\n \\n eFinancialCareers\\n \\n

\\n