Threema GmbH

Information Security Officer

📍 8808 Freienbach

Rolle und Verantwortlichkeiten

As Information Security Officer at Threema, you will be responsible for information security across the company. The role reports directly to the CTO. You will drive the development and formalization of our security program and bring the technical expertise to assess and contribute to the implementation of security measures. Organizational responsibilities include developing a company-wide security strategy, building and operating an Information Security Management System (ISMS), developing and enforcing security policies, conducting risk assessments and business impact analyses, developing incident response and disaster recovery plans, supporting certification processes, ensuring compliance with data protection regulations in collaboration with our Legal Counsel, responding to security questionnaires and customer requirements, and raising employee awareness of information security topics. Technical responsibilities include evaluating and assessing security solutions for our infrastructure (Linux, macOS, on-premises, open source), conducting or overseeing penetration tests and security audits, continuously analyzing and improving technical security measures, and contributing to the implementation of security requirements together with the Operations team.

Team / Beschreibung

Threema is the world’s best-selling secure messenger for both private users and businesses. Since 2012, we have been working tirelessly to ensure that our users can communicate freely without worrying about their privacy. Our growing user base includes millions of private customers and thousands of businesses and organizations from all over the world. Threema is a company that not only promises security and data protection in its advertising, but also lives up to these promises. This is also reflected in our successful product. However, with our strong growth from a small to a medium-sized company, it has become necessary to formalize many internal processes. Until now, these topics have been shared across various team members – now we are looking for a dedicated person to take on this responsibility in a consolidated role.

Qualifikationen und Fähigkeiten

  • A degree in Computer Science or an equivalent qualification

  • At least five years of relevant work experience in information security

  • Familiarity with common security frameworks and standards (ISO 27k, NIST, CIS, SOC 2)

  • Hands-on experience with certification processes, either as the person in charge or as part of a team that has gone through a certification

  • Solid knowledge of network and application security, including common security technologies (firewalls, intrusion detection, SIEM, endpoint protection, MDM, vulnerability scanners, etc.)

  • Experience in conducting penetration tests and security audits

  • A strong sense of responsibility and a meticulous approach to work

  • A positive mindset with a genuine enthusiasm for information security and privacy

  • Strong written and spoken German and English