AO Foundation
The AO is a medically guided, not-for-profit organization, a global network of surgeons, and the world's leading education, innovation, and research organization specializing in the surgical treatment of trauma and musculoskeletal disorders. We are home to people from all over the world, from different backgrounds, with diverse talents and specialist areas. What binds us together is our passion for excellence, our dedication to our mission of improving patient care, and our understanding that we are stronger together: we are one AO.
For more information, visit: https://www.aofoundation.org/
Information Security Responsible / IT Security Manager (ID2116)
Short Description
Purpose of the Role:
This combined role covers both strategic information security leadership and operational IT security management. As Information Security Responsible (ISR), the position holder defines the security strategy, owns governance and risk oversight, and ensures compliance with agreed information security requirements at an executive level comparable to a CISO function. As IT Security Manager, the position holder translates this strategy into effective structures, processes, controls, and operational security practices in close collaboration with the Head of Infrastructure, Head of IT, the IT Management Team, and relevant stakeholders.
Reporting line: Direct report to Head of IT, line to CEO in case of conflicts of interest in relation to the role of Information Security Responsible
Place of work: Davos, 3 days per week in office
Main Responsibilities
- Strategic security leadership and governance: Define, align, and maintain the information security strategy, policies, standards, ISMS, and governance model in line with organizational objectives, regulatory requirements, and stakeholder expectations.
- Risk, compliance, and control oversight: Identify, assess, and manage information security risks; ensure agreed security controls are implemented, monitored, audited, and continuously improved.
- Security operations and incident management: Lead and coordinate cyber security operations, incident response, threat analysis, threat hunting, remediation activities, lessons learned, and operational security reporting.
- Security architecture and technical control management: Oversee secure configuration, hardening, patch management, monitoring, and security architecture in collaboration with IT leadership, infrastructure, enterprise architecture, and operational IT teams.
- Business continuity, crisis, and stakeholder communication: Contribute to business continuity and crisis management for IT security matters, including preparation, testing, communication, post-incident reviews, and management reporting.
- Awareness, training, and collaboration: Promote security awareness and training in coordination with HR and management, and ensure effective collaboration across IT, business stakeholders, governance bodies, and external partners.
- Vendor management and budget responsibility: Support IT partner and third-party security management, contribute to vendor security assessments, and develop, monitor, and report on the central IT security budget.
Main Requirements
Core Skills / Competencies:
- Executive-level information security leadership with the ability to act as knowledge owner, advisor, and thought leader for security governance, risk, and compliance.
- Strong technical cyber security expertise across security frameworks, security architecture, network security, identity and access management, monitoring, encryption, vulnerability management, and threat detection.
- Proven capability in risk assessment, audit, incident response, crisis management, and continuous improvement of security controls and processes.
- Excellent communication, negotiation, and stakeholder management skills, including the ability to work effectively with executive management, governance bodies, IT teams, business stakeholders, and external partners.
- Strong analytical, problem-solving, project management, and collaboration skills with a pragmatic, solution-oriented, and supportive working style.
Educational Requirements:
- Master’s degree or equivalent qualification in computer science, information technology, cyber security, information security, or a related field.
- Relevant professional certifications or additional education in information security, cyber security, governance, risk, compliance, data protection, and applicable standards and regulations, including GDPR/DSGVO.
Job Experience:
- Minimum 10 years of experience in information security and cyber security, preferably including leadership or management responsibility.
- Demonstrated experience in developing and implementing information security strategies, governance models, security programs, policies, standards, and operational security processes.
- Hands-on experience with cyber security operations, incident response, threat analysis, security monitoring, vulnerability management, and related commercial security tools.
- Experience working with corporate governance, data protection, compliance, audit, vendor management, and cross-functional stakeholder structures.
- Previous work experience in Switzerland is a strong asset.
Language Skills:
- Proficient in German and English, both written and orally
We offer
- An interesting and varied job in an exciting and innovative organization
- The opportunity to be part of a highly committed international team
- Modern infrastructure
- High degree of flexibility regarding working hours and location (depending on operational requirements)
- Generous package of social benefits, including supplementary vacation days and pension scheme contributions
- Internal skills training opportunities and support for continued education
Arbeitsort: 7270Davos(Home Office möglich)
f you meet the requirements of this challenging opportunity, please submit your complete online application (motivation letter, CV, certificates, reference letters, etc) through our online application system.