Direkt zum Inhalt

Cybersecurity Analyst with Audit mindset (Ref. 1523)

Bank J. Safra Sarasin Ltd is a leading sustainable private bank, offering all the advantages of the Swiss banking environment together with dynamic and personalised advisory services focusing on opportunities in international financial markets. The Bank provides a high level of services and expertise when acting as investment advisor and asset manager for private and institutional clients. Financial strength, excellent client services and outstanding quality are therefore key elements of its corporate philosophy.
J. Safra Sarasin’s most valuable capital is its employees. They are essential to the success of the organisation, now and in the future. Their technical expertise, professional qualifications and social skills are highly valued by the Group’s clients, management and business partners. The success of J. Safra Sarasin depends on the enthusiasm and commitment of every one of its employees worldwide.
Division
Group Internal Audit
Function/Position
Cybersecurity Analyst with Audit mindset (Ref. 1523)
Location
Basel, CH
Function/Position objectives
Bank J. Safra Sarasin is seeking for a strong technology and data driven candidate to cover Information Security and Cyber Security within the Audit department. The candidate focuses on general and infrastructure controls that mitigate cybersecurity risk. He is responsible for understanding, analysing, and testing the implemented technology controls including those regarding architecture and configuration, systems development, security and entitlements, IT operations management and governance. Main place of work will be Basel (Swizterland) with a willingness to travel abroad (approximately 30-40 days per year).
Responsibilities
  • Manage projects; perform audit assignments with primary focus on Cyber Security
  • Design and execute risk-based audit plans and programs in order to assess risk based the design and effectiveness of key technology and/or security controls for critical systems and processes
  • Partner with IT and business auditors, and work collaboratively within a team
  • Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework
  • Handle multiple projects while meeting deadlines with minimal supervision
  • Build strong relationships with internal clients
  • Onsite visits abroad (approximately 40 - 50 days per year)
Profiles
  • Master Degree Computer Science, Technology, Information Systems or related field (University/FH) or equivalent industry experience
  • Detailed technical knowledge/sound hands-on experience in some areas such as:
   • Databases
   • Operating Systems (UNIX, Linux, AIX, Windows)
   • Networking, including VPN, LAN, WAN, WLAN
   • Firewalls and associated hardware    
   • Backup and Recovery strategy and system
   • Middleware
   • Virtualization Technologies
   • Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools
   • Pen Testing Tools
   • Tool knowledge (e.g Splunk, ArcSight, PowerGrep)
   • Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability,
    cryptography,network security, web-based applications architecture and security, network
   • Protocols
   • Experience in SecDevOps
   • Scripting and programming experience
   • Ability to handle multiple projects while meeting deadlines with minimal supervision
  • Strong understanding of industry standards such as the CIS Top 20 Critical Security Controls (formerly SANS), ISO 27001/02, NIST Cybersecurity Framework
   • Assessing interfaces, infrastructure, data processing and computer general controls
   • Strong written and verbal communication skills
Activity rate
100 %
Please send your application to: