Chief Information Security Officer – Global Cybersecurity Lead

About the role

The Chief Information Security Officer (CISO) will define, lead and continuously improve the Group’s information security strategy. Based in Geneva, the CISO is accountable for protecting digital assets, ensuring regulatory compliance and fostering a strong cybersecurity culture across the organisation.

Key responsibilities

• Develop, implement and maintain a global information security strategy, roadmap and governance framework.
• Define, enforce and regularly update security policies, standards and procedures.
• Report cyber risk, threat landscape and resilience metrics to the CEO, CIO, Executive Committee and Board.
• Lead security risk assessments for trading, manufacturing and corporate systems and ensure compliance with FINMA, GDPR and EU cybersecurity directives.
• Oversee incident response, crisis management and post‑incident reviews.
• Design and maintain a security architecture aligned with business and IT strategies, covering cloud, network and endpoint environments.
• Manage security frameworks (ISO 27001, NIST), monitoring, threat detection, penetration testing, vulnerability management and security audits.
• Collaborate with IT, Compliance, Risk and Operations to embed security into business processes and lead a global cybersecurity function.

Required profile

• Master’s degree in Information Security, Computer Science, Engineering or a related discipline.
• Professional certifications such as CISSP, CISM or CISA.
• 15+ years of cybersecurity experience, including 5+ years in senior leadership.
• Previous CISO or Deputy CISO role in financial services, commodities or manufacturing.
• Proven track record implementing enterprise security frameworks and engaging with regulators.
• Strong stakeholder management and communication skills for C‑level and Board audiences.

Required skills

• Implementation of ISO 27001 and NIST Cybersecurity Framework.
• Cloud security, network and endpoint protection.
• Penetration testing, vulnerability management and security audits.
• Incident response and security operations.
• Security architecture, monitoring, threat detection and prevention.
• Experience with ERP systems, OT/industrial IT and trading platforms.