Information Security Officer; m​/f​/x

Threema is the world’s best-selling secure messenger for both private users and businesses. Since 2012, we have been working tirelessly to ensure that our users can communicate freely without worrying about their privacy. Our growing user base includes millions of private customers and thousands of businesses and organizations from all over the world.

Threema is a company that not only promises security and data protection in its advertising, but also lives up to these promises. This is also reflected in our successful product. However, with our strong growth from a small to a medium-sized company, it has become necessary to formalize many internal processes. Until now, these topics have been shared across various team members – now we are looking for a dedicated person to take on this responsibility in a consolidated role.

• Developing a company-wide security strategy
• Building and operating an Information Security Management System (ISMS)
• Developing and enforcing security policies
• Conducting risk assessments and business impact analyses
• Developing incident response and disaster recovery plans
• Supporting certification processes
• Ensuring compliance with data protection regulations in collaboration with our Legal Counsel
• Responding to security questionnaires and customer requirements
• Raising employee awareness of information security topics

• Evaluating and assessing security solutions for our infrastructure (Linux, macOS, on-premises, open source)
• Conducting or overseeing penetration tests and security audits
• Continuously analyzing and improving technical security measures
• Contributing to the implementation of security requirements together with the Operations team

Our IT environment is not typical of a classic Swiss SME with Microsoft technologies and many cloud services. Instead, we rely on macOS and Linux, use open-source services where appropriate and possible, and operate most of the services we use on-premises. We are looking for someone who likes to get involved and is willing to help lead and execute projects.

Ideally, you will have the following:

• A degree in Computer Science or an equivalent qualification
• At least five years of relevant work experience in information security
• Familiarity with common security frameworks and standards (ISO 27k, NIST, CIS, SOC
  2)
• Hands-on experience with certification processes, either as the person in charge or as part of a team that has gone through a certification
• Solid knowledge of network and application security, including common security technologies (firewalls, intrusion detection, SIEM, endpoint protection, MDM, vulnerability scanners)
• Experience in conducting penetration tests and security audits
• A strong sense of responsibility and a meticulous approach to work
• A positive mindset with a genuine enthusiasm for information security and privacy
• Strong written and spoken German and English

• Pragmatic application process incl. compact assessment with practical tasks
• A young and motivated team with straightforward communication
• Opportunity to work on many different projects and improve and define processes
• Flexible working hours, option to work from home up to two days per week
• Up to two Workation weeks per year
• Option to take unpaid leave
• A dedicated budget for computer/workstation (macOS or Linux)
• Public transportation discount or parking space (electric car charging available)
• Free use of fitness room, including a fitness trainer once a month
• Professional massage once a month
• Internal German or English courses
• Regular events and get-togethers
• The good feeling of contributing to the effective protection of the privacy of millions of people

Pfäffikon SZ (Greater Zurich Area)

June 1st or by agreement