On - Senior Lead – IT Governance, Risk and Compliance - Zürich
Permanent contract (CDI)
Team for Career Site
Technology
In short
Join On’s Information Security team and play a pivotal role in shaping and executing our risk and compliance strategies. You’ll develop robust governance processes aligned with key frameworks like NIST, ISO 27001, and SEC requirements while monitoring performance and risk indicators to ensure our innovation-driven culture thrives safely. You’ll also spearhead initiatives to protect critical data assets using advanced security tools and lead regular vendor risk assessments to strengthen our supply chain security.
You’ll be the architect of a security-first culture by designing engaging training programs and promoting cross-functional collaboration across the organization. Your responsibilities will extend to enhancing our operational resilience by developing and testing Cyber Incident Plans and Playbooks, ensuring quick recovery from disruptions. You’ll also work closely with internal and external stakeholders to support compliance and audit processes, continuously improving our security posture and ensuring we remain agile in a fast-paced environment.
Your mission
– Establish and maintain governance processes that align with regulatory requirements (e.g., NIST, ISO 27001, SEC) while supporting On’s innovation-driven culture.
– Define and track key performance and risk indicators (KPIs and KRIs) to measure the success of risk mitigation strategies.
– Prioritize the protection of critical data assets across all technological layers, using cutting-edge security tools and methodologies.
– Align supply chain risk processes with industry standards and conduct regular vendor risk assessments to mitigate risks stemming from third-party relationships.
– Design and deliver tailored security education programs that empower employees at all levels to understand and mitigate risks and foster collaboration between cross-functional teams to promote a proactive, resilience-focused mindset across the organization.
– Lead the development and maintenance of the Cyber Incident Plan and Playbooks, and conduct table-top exercises to ensure organizational resilience in the face of disruptions.
– Collaborate with external auditors, regulatory bodies, and internal stakeholders to facilitate seamless compliance with regulatory requirements and internal controls. Prepare for and support audits, ensuring findings are addressed and improvements are implemented effectively.
Your story
– At least 10 years of proven experience in governance, risk management, and compliance roles within the information security domain.
– Strong expertise in industry standards, regulations, and frameworks, including ISO 27001, SEC, NIST Cybersecurity Framework, and supply chain security principles.
– Hands-on experience conducting security risk assessments, including third-party/vendor assessments, and implementing risk mitigation strategies.
– Demonstrated success in managing compliance audits, certifications, and regulatory inspections, with a focus on streamlining processes and achieving operational excellence.
– Excellent understanding of modern information security principles, including endpoint protection, cloud security, and data-centric strategies.
– Exceptional communication and interpersonal skills, capable of influencing and collaborating with cross-functional teams, external stakeholders, and executive leadership.
Meet the team
In the dynamic landscape of On, the tech thrives much like a spirited runner: always moving, always improving. We are building technology that continues to supercharge the growth of On, helping to ignite the human spirit through movement.