Information Security Assurance Expert

Job Description

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.

We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Job Description

You will be part of a well-established international information Security team (part of CISO operations) focused on preventing vulnerabilities before they occur (Prevent Team).

As an Information Security Assurance Expert, you will play a pivotal role in ensuring that Avaloq’s services, platforms, and internal operations meet the highest standards of security, compliance, and operational resilience.

In this role, you will:

• Perform in-depth assurance activities across technical and operational domains.
• Evaluate and maintain Avaloq’s information security risk posture.
• Drive consistency in control design, testing, and audit readiness.
• Collaborate closely with stakeholders across Architecture, IT Operations, Cloud Engineering, Audit, Legal, Risk Management and Product Teams.
• Support the continuous evolution of Avaloq’s security control framework and risk assessment processes.
• You will contribute significantly to strengthening Avaloq’s security posture and ensuring robust alignment with regulatory and contractual expectations. The position reports to the Head of Prevention
• Determine and document Technical IT security controls, ensuring they are effectively mapped to Avaloq’s internal control framework
• Determine the information security risk profile for each relevant service and asset.
• Perform and maintain asset-based information security risk assessments in line with ISO 27005, including recurring reviews.
• Identify and assess residual risks and consolidate aggregate risk across services and environments.
• Ensure that Avaloq maintains Operational Resilience in line with regulatory, business continuity, and reliability requirements.
• Track all requirements from Legal, Regulatory, and Contractual sources and translate them into actionable obligations.
• Map legal and regulatory requirements to the control framework and ensure recurring validation of control adequacy.
• Execute repeatable and automated testing of security control effectiveness.
• Lead or support audit preparation, coordination, evidence collection, automation of audit workflows, and audit response activities.
• Collaborate with Engineering, Architecture, Operations and Compliance teams to drive remediation and continuous improvement in the Information Security Management System (ISMS), ensuring alignment with emerging threats and industry best practices
• Contribute to maintaining a strong and transparent Security Assurance documentation base.

Qualifications

• Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or similar field.
• Several years of hands-on experience in information security assurance, risk management, audits, or control frameworks.
• Strong understanding of security control frameworks (ISO 27001, NIST CSF, SOC2, CCM, OSPAR, etc.).
• Proven experience conducting risk assessments (ISO 27005) and determining technical and organizational controls.
• Solid knowledge of infrastructure, cloud technologies, applications, and common security technologies.
• Experience with audit processes, internal control systems, and evidence lifecycle management.
• Strong analytical skills, structured problem solving, and excellent documentation capabilities.
• Ability to collaborate effectively across diverse teams and influence key stakeholders.
• Experience with automation, scripting, or use of platforms to streamline assurance activities is an advantage.
• Relevant certifications such as ISO 27001 LA/LI, CRISC, CISA, CISM, CISSP are a plus.
• Fluent in English

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices.

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way.

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.

#LI-Hybrid