IT Security and Risk Manager

Purpose of Position

Viking Cruises is one of the world’s leading cruise line company that manages a fleet of 64 river ships and 5 ocean ships (and growing) with offices across the globe. We have our Marketing and Sales headquarters based in Los Angeles, USA and the Operational Head Quarters based out of Basel, Switzerland.

The IT Operations in Basel guarantees a seamless operation of our EMEA Offices in Basel, London, Ancona, Wiebelsheim and Shanghai as well as the operation of our ships. The Team handles the entire IT Infrastructure including Network and WiFi Infrastructure, iTV System, Server and Clients of every flavor.
As the IT Security and Risk Manager, you will be a key member of the IT Operations Team. You will work with external partners and internal stakeholders to implement cyber security standards and effectively managing IT Risk and Security. You will be responsible for risk management and IT compliance and you will be developing and implementing IT security policies and procedures.

The IT Security and Risk Manager reports to the Executive Director IT. Starting date would be as soon as possible.

This role will be located in Basel, Switzerland. Please note that we can only accept candidates who are eligible to work in Switzerland or are in possession of a relevant work permit.

RESPONSIBILITIES

• Identify, evaluate, and report on information security risks
• Provide subject matter expertise on security and privacy standards and best practices
• Develop, implement and maintain an IT Security Incident Management Framework
• Support activities that make users aware of IT security risks and appropriate behavior
• Evaluate, select and implement information security solutions
• Manage regular intrusion detection and vulnerability assessments, internal and external IT audit reviews, and coordinate required fixes.
• Monitor vulnerability and threat reports as well as trends in IT Security and address relevant information
• Emergency planning and crisis management, such as working under formalized Business Continuity and Disaster Recovery frameworks.

QUALIFICATION PROFILE

• Bachelor’s Degree in computer science, engineering, or related field
• Professional certifications, such as CISSM, CISM, CISA
• Five years or more relevant experience working in an similar role
• Proven track record of developing and successfully implementing information security procedures.
• Security technology acumen and experience including but not limited to: firewalls, intrusion detection, cyber-attack tools and defenses, encryption, tokenization, certificate authorities, web filtering, antimalware, anti-phishing, identity and access management, multi-factor authentication.
• Knowledge of security, risk, and control frameworks, such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, etc.
• Experienced with contract and vendor negotiations would be a plus
• Able to communicate security and risk-related concepts to both technical and non-technical audiences in business terms, including Board level
• You are passionate about Cyber Security and you have a can-do mindset
• You are excited about driving change in a fast pace environment
• You are open to take up responsibility within the Team
• You love to be the go-to Person for our internal Clients and within the Team
• You are a hands-on personality with strong ambition for high quality balanced with pragmatic solutions.

WHAT WE OFFER

• Flexible working hours
• Employee restaurant (including free soft drinks, coffee, tea)
• Regular company events, e.g. sports games, BBQ, cooking classes
• A dynamic and fast-growing environment where you can drive your future
• A free cruise for you and your +1 every two years
• A highly talented, passionate and international team

If you are interested in this role, please apply via our website, including a cover letter (one page, introducing yourself and outlining why you are interested in the role) as well as your CV and relevant references.