IT Security Analyst, Risk & Compliance 80-100 %
- Employment type
- Temporary
- Location
- Winterthur
- Company
- ZHAW, 8401 Winterthur
- First posted
IT Security Analyst, Risk & Compliance 80-100 % (hybrid)
Whether cloud service, AI solution or new specialist application - you assess IT resources and IT service providers from the perspective of information security, accompany and help shape the due diligence process and support the ZHAW in ensuring that digitalization and innovation are implemented safely and responsibly at the ZHAW.
IT Security Analyst, Risk & Compliance 80-100 % (hybrid)
Department:
Finanzen & Services
Start of work:
As of 1.1.2027 limited until 31.8.2027, application deadline:
Tasks
Conducting due diligence audits of new IT resources and IT service providers regarding information security and compliance
Checking security proofs, certifications and audit reports (e.g., ISO 27001, SOC 2, ISAE 3402) in the context of procurement and contract conclusions
Participating in the definition and further development of security requirements for IT resources and external service providers
Conducting and accompanying security audits as well as tracking the implementation of agreed measures
Training and sensitizing internal employees regarding information security
Advising technically and non-technically proficient employees university-wide
Identifying areas for action for the continuous improvement of information security
Close cooperation with the agile ICT team, the other security functions and the data protection officer of the ZHAW.
Profile
Practical experience in the field of information security, IT Risk Management, Governance, Risk & Compliance (GRC), IT audit or a comparable function
Education and further training in the field of information security
Good knowledge in the areas of client, server operating systems, network and cloud technologies, Generative AI and Agentic AI
Demonstrable very good knowledge of information security, data protection and IT General Controls as well as the ability to evaluate risks understandably and derive pragmatic measures
Analytical, structured and solution-oriented way of working with rapid comprehension and a pronounced sense of quality
Very great interest in current trends and developments in the areas of cyber security as well as new attack techniques and protective measures
Knowledge of relevant standards and frameworks, such as ISAE 3402 Type 2 or SOC 1 Type 2 and ISO 27001
Very good communicative skills to present complex technical matters clearly and to be able to convey them in a target-group and subject-specific manner
Team-oriented personality with an independent, reliable and service-oriented way of working
Very good German skills as well as good English skills in spoken and written form
This is what we stand for
With over 14,000 students and over 11,000 continuing education participants as well as around 3,700 employees, the ZHAW University of Applied Sciences is one of the largest multi-sector universities of applied sciences in Switzerland.
The ICT Security team in the Finanzen & Services staff is responsible for university-wide cyber risk management, digital compliance, ICT emergency and cyber incident management, vendor risk management, the internal ICT control system as well as security awareness and thus makes a central contribution to safe and rule-compliant digital university operations.
The ZHAW is committed to gender-mixed and diverse teams to promote equality, diversity and innovation.
This is what we offer
We offer university-appropriate working and employment conditions and actively promote the personnel development of our employees and managers. A detailed description of the benefits can be found on the Working at ZHAW page. Here are the most important key points:
Contact
McGuinness
Chief Information Security Officer
Jocelyn Schaad
Recruiting Manager jpid6bf4b84jm jit0729jm jiy26jm
Automatically translated from the original.
Posted 2 days ago