Alpiq Holding Ltd. is a Swiss energy company operating throughout Europe. Its activities include the generation and supply of electricity, energy trading, energy management, energy services as well as energy technology. Alpiq Ltd. is a subsidiary of Alpiq Holding Ltd. with headquarters in Olten.
The Information Security Lead - Governance & CISO Office plays a central role in Alpiq's cybersecurity strategy by leading governance, ensuring regulatory readiness, and driving ISMS maturity. Reporting directly to the CISO, this role combines strategic alignment with hands-on delivery. Key responsibilities include completing and maintaining the ISMS, conducting NIS2 readiness assessments across Alpiq locations, and acting as the information security SPOC for projects and new applications. The role ensures that security policies, standards, and frameworks are effectively implemented across all business units, enabling Alpiq to balance compliance, operational resilience, and innovation.
Your main responsibilities
- Develop, operationalise, and maintain Alpiq's information security governance framework, aligned with ISO 27001, NIS2, GDPR, and NIST CSF
- Complete and maintain the Information Security Management System (ISMS), ensuring certification readiness and continuous improvement
- Conduct NIS2 governance and compliance assessments at Alpiq sites (~20% travel)
- Act as the InfoSec SPOC for business and IT projects, embedding security, and assessing new applications and technology for security posture, compliance, and governance alignment
- Define, update, and enforce security policies, directives, and standards; ensure traceability and consistent implementation across the organisation
- Coordinate cross-functional security alignment with IT, Risk, Compliance, and Business stakeholders and support regulatory audits and certification processes
- Plan and lead security tabletop exercises and strategic risk scenario planning with stakeholders and monitor remediation activities
Your profile
- Bachelor's or Master's degree in Information Security, Informatics, Computer Science, or related technical field
- 7+ years of experience in cybersecurity governance, compliance, or enterprise risk management
- Hands-on experience in security assessments of applications/projects, and acting as InfoSec/Security SPOC in delivery teams
- In-depth knowledge of ISO 27001, NIS2, GDPR, and NIST CSF frameworks, with proven track record in building governance models and implementing ISMS
- Strong leadership and coordination skills across functions and hierarchies
- Fluency in English required
- Nice to have: Familiarity with IT/OT security, audits, and certification readiness; certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or CGEIT