Threema is the world's best-selling secure messenger for both private users and businesses. Since 2012, we have been working tirelessly to ensure that our users can communicate freely without worrying about their privacy. Our growing user base includes millions of private customers and thousands of businesses and organisations from all over the world.

Due to our strong growth, we are looking for a

Chief Information Security Officer (CISO) (m/f/x, 80–100%)

Your Tasks

Threema is a company that not only promises security and data protection in its advertising, but also lives up to these promises. This is also reflected in our successful product. However, with our strong growth from a small to a medium-sized company, it has become necessary to formalize many internal processes. We are therefore looking for a dedicated person who can take care of these tasks and who has the necessary experience to do so. 

As the future CISO at Threema, you will be responsible for internal IT security. The role reports directly to the CTO. Your responsibilities will include:

• Developing a company-wide security strategy

• Establishing an information security management system (ISMS)

• Developing and enforcing security policies

• Conducting risk assessments and business impact analyses

• Developing incident response and disaster recovery plans

• Supporting certification processes

• Ensuring compliance with data protection regulations in cooperation with our legal counsel

• Raising employee awareness of information security issues

• Continuously analyzing and optimizing information security within the company

• Working closely with the CTO and the operations team

We are looking for someone who takes a practical approach to these issues and has a hands-on mentality. We want to continue to live security, not just regulate it, and prefer technical measures over organizational measures wherever possible.

Your Skills

Our IT environment is not typical of a classic Swiss SME with Microsoft technologies and many cloud services. Instead, we rely on macOS and Linux, use open-source services where appropriate and possible, and operate most of the services we use on-premises. We are looking for someone who likes to get involved and can also help with the management and implementation of projects.

Ideally, you will have the following:

• A degree in computer science or comparable training

• At least five years of relevant work experience as a CISO or in similar positions

• In-depth knowledge of network security, application security, and data loss prevention

• Experience with common security technologies (firewalls, intrusion detection/prevention, SIEM solutions, endpoint protection, MDM systems, vulnerability scanners, etc.)

• Knowledge of conducting penetration tests and security audits

• Familiarity with common security frameworks and standards (ISO27k, NIST, CIS, SOC 2)

• Experience with open source technologies

• Strong sense of responsibility, precise working style

• Positive mindset with enthusiasm for information security and privacy issues

• Good written and spoken German and English

What We Offer

• A young and motivated team with flat hierarchies and straightforward communication

• Opportunity to work on many different projects and improve and define processes

• Work-life balance: flexible working hours and the option to work from home two days a week

• Option to work from anywhere for two weeks per year

• Opportunity to take unpaid leave

• You can choose your own hardware (macOS or Linux)

• Public transport discount or access to free parking

• A fitness room and a table tennis table

• Internal German or English courses

• A great coffee machine :-)

• Regular events and drinks receptions

• The good feeling of contributing to the effective protection of the privacy of millions of people

Place of work: Pfäffikon SZ (Greater Zurich Area) / hybrid

Start date: Immediately or by agreement

Have we sparked your interest? Then we look forward to receiving your application documents.