Information Security Officer (30-80%)

VSHN, leader suisse en services gérés, offre des solutions DevOps. Rejoignez une équipe agile et diversifiée à l'environnement de travail favorable.

Tâches

• Maintenir et améliorer le système de gestion de la sécurité de l'information.

• Coordonner les audits internes et externes pour la conformité ISO/IEC 27001.

• Promouvoir une culture de sécurité par des formations régulières.

Compétences

• Expérience en gestion de la sécurité de l'information et ISO/IEC 27001.

• Compétences en communication proactives et transparence.

• Capacité à travailler en équipes techniques et non techniques.

VSHN, pronounced like “vision,” is Switzerland's leading Managed Service Provider for enabling DevOps, cloud-native development, and agile IT operations. We empower software teams with self-service products like APPUiO and Application Catalog, alongside tailored solutions built on our Managed OpenShift and standardized building blocks, leveraging GitOps, CI/CD, and Cloud Services, VM-based services, and various support and operations subscriptions. Our Servala Cloud Native Service Hub bridges the gap between CSPs, ISVs, and Enterprises, providing cloud-native services and DevOps tools. Most of these services are provided as managed services by VSHN, ensuring applications are testable, deployable, scalable, and operable in any cloud or on-premise environment.

Your new role: Information Security Officer

As our new Information Security Officer, you will take the lead in maintaining and continuously improving our Information Security Management System (ISMS) to ensure ongoing compliance with ISO/IEC 27001 and related standards. In this part-time role (30–80%), you’ll play a vital role in protecting VSHN’s information assets, managing risks, and ensuring transparency and compliance across the organization.

You will coordinate with internal stakeholders and external auditors, lead incident investigations, and champion a security-conscious culture through regular training and awareness efforts. Your work will directly support our risk management, business continuity planning, and security certification goals, helping VSHN maintain trust with customers and partners.

Responsibilities summarized

• Maintain and improve the ISMS, aligned with ISO/IEC 27001 and ensure internal and external ISO/IEC 27001 audits.

• Ensure VSHN has an annual audited report according to ISAE 3402

• Define and manage security policies and processes.

• Conduct risk assessments with VSHN’s teams and manage VSHN’s information security risk register.

• Act as the point of contact for information security incident coordination and investigation.

• Prepare training and awareness sessions to promote a security culture.

• Oversee business continuity management and business impact analyses.

• Act as a security consultant, supporting internal teams, customers, and sales with clear, professional compliance documentation.

Company culture

As an organization, we thrive on diversity and self-management, orienting ourselves on Agile and Sociocracy 3.0 principles. We emphasize transparency, collaboration, and common goals, valuing Scrum-like workflows in our tech teams. Decisions at VSHN are made collaboratively, valuing reasoned arguments over hierarchical positions - we trust in self-responsibility in everyone, in people who share the responsibility of their team, and that decisions happen with the subject-matter experts, in our teams where we face the day-to-day challenges while getting the best possible support from the wider organization.

Read more about how VSHN is unique in our handbook - one example of how much we value Transparency and live open source as an organization.

This job is for you if

You have

• Know-how in ISO/IEC 27001 implementation and maintenance.

• Familiarity with ISAE 3402 requirements and reporting.

• Experience with incident and risk management processes.

• Business-level German and English.

• Ability to deliver security training and awareness initiatives.

• Experience preparing and supporting audits.

You are

• Excited to work in a company with self-managed teams, where reasoned arguments hold sway over hierarchical mandates and your work can make a real impact.

• Detail-oriented and organized in managing documentation and audits.

• Comfortable collaborating across technical and non-technical teams.

• A proactive communicator who ensures transparency and clarity.

As a bonus:

• Familiarity with Confluence and log management systems.

• Experience with Business Continuity Planning (BCP) and Business Impact Analysis (BIA).

• Background in corporate IT or supporting IT security operations.

At VSHN, we are open to hiring motivated individuals with varying levels of experience who demonstrate a strong commitment to learning and quickly applying new skills on the job. The remuneration for this role will be in line with our fixed salary policy, which applies universally across all roles.

What we offer

• VSHN offers awesome benefits and great colleagues.

• If you’re interested, you can grow into new roles by taking on additional responsibilities, working within other roles, or even changing teams over time.

• We live in a culture that has enabled working remotely and from home (even before COVID-19). We have mandatory on-site events a few times a year, and in general, we also enjoy meeting at the office to connect and socialize.

• Like all VSHNeers, you’ll receive a fixed monthly salary and phantom stock options in the company in a fully transparent salary system.

Does this sound interesting? Then apply now, and let’s meet for a casual (virtual) cup of coffee soon!

Please note: we don’t work with recruitment agencies, and we’re looking for people with permission to work in Switzerland (Swiss/EU citizens and Swiss residents/work visa holders).