Information Security Governance, Risk and Compliance (GRC) specialist

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

We are looking for a skilled Information Security Governance, Risk, and Compliance (GRC) Specialist to join the Avaloq CISO Governance team. The CISO Governance team is responsible for developing, implementing, and maintaining our organization's Information Security governance, risk management, and compliance programs. The ideal candidate has a deep understanding of information security practices, regulatory requirements, and risk management frameworks. The role is based in Manila.

Your key responsibilities

Your key responsibilities will include the following domains. You don't have to be an expert on everything, but you must be willing to learn!

• Governance and Compliance
  • Participate in the development and maintenance of Avaloq's information security governance framework.
  • Lead and aid with compliance-related issues across stakeholders.
  • Work closely with internal and external audits, both to support the audit activities and to manage the remediation of findings.
  • Report to management and relevant stakeholders on compliance status and security governance effectiveness.
• Policy Management
  • Provide guidance and assist in the drafting, revision, and implementation of security policies and procedures.
  • Monitor and evaluate the effectiveness of implemented policies and procedures.
  • Participate in regular policy reviews to ensure alignment with changing regulations and organizational objectives.
• Security Risk Management
  • Conduct and guide risk assessments to identify potential security threats and vulnerabilities.
  • Conduct security assessment of third-party vendors to evaluate compliance with Avaloq’s security standards.
  • Monitor third-party compliance with agreements and performance against organizational benchmarks.
• Awareness and Advocacy
  • Be an advocate for security among your colleagues.
  • Participate in the development and implementation of a comprehensive cybersecurity awareness program.
  • Craft engaging and informative security training materials for Avaloq employees.
  • Measure the effectiveness of employees' knowledge and competencies and adapt strategies based on feedback and trends.
  • Participate in internal security awareness activities such as new employee onboarding.
  • Stay updated with the latest developments in information security, risk management, and compliance.

• Educational Background: A bachelor's degree in information technology, computer science, or a related field.
• Professional Experience: 2-4 years of experience in a GRC-related role or relevant industry experience (e.g. IT auditing, financial regulatory, risk management).
• Language skills: Professional proficiency in English is mandatory; proficiency in German or Italian is a plus.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and as part of a multi-cultural team.

It would be a real bonus if you have

• Professional Certifications such as CRISC, CISSP, CISA, or GRCP.
• Strong knowledge of regulatory requirements and industry standards such as ISO 27001, ISO 27005, DORA, MAS regulations, etc.
• Knowledge of cloud security and related compliance concerns.

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.  

#LI-Hybrid