Information Security Officer - Governance & CISO Office
Role type: Permanent | Location: Prague, Czech Republic | Model: Hybrid | Level of travel: ~5%
Our Company
Alpiq is one of Switzerland’s leading electricity producers and a key energy services provider across Europe. Headquartered in Lausanne and powered by a strong portfolio of hydropower, nuclear, and renewable energy sources, we’re all about impact, for the climate, for people, and for the security of supply.
More than 1,300 colleagues from nearly 60 nationalities bring their energy to a shared purpose: Together for a better climate and an improved security of supply.
We work in a values-driven culture shaped by trust, curiosity, and respect. Our 4 company values have been co-created with our employees and are embedded in everything we do as a company:
“We are ALP1Q” - reflects our team spirit
“We learn and grow together” - we have courage
“We share the steering wheel” - we take ownership
“We focus on the outcome” - your impact matters
At Alpiq, your energy matters!
Mission
The Information Security Officer – Governance & CISO Office plays an important role in Alpiq’s cybersecurity strategy by enabling governance, ensuring regulatory readiness, and driving ISMS maturity. Reporting directly to the CISO, this role includes developing policies, standards and procedures, conducting NIS2 gap analysis, and acting as the information security SPOC for selected projects and new applications. The role ensures that security policies, standards, and frameworks are effectively implemented across all business units, enabling Alpiq to balance compliance, operational resilience, and innovation.
Your main responsibilities
- Conduct NIS2 and other compliance assessments, with a specific focus on CZ legal and regulatory requirements
- Develop, operationalise, and maintain Alpiq’s information security governance framework, aligned with ISO 27001, NIS2, GDPR, and NIST CSF
- Create and maintain security artifacts including policies, standards and procedures, ensuring certification readiness and continuous improvement
- Act as the InfoSec SPOC for selected business and IT projects, embedding security into project lifecycles and delivery processes
- Assess new applications and technology initiatives for security posture, compliance, and governance alignment
- Define, update, and enforce security policies, directives, and standards; ensure traceability and consistent implementation across the organisation
- Coordinate cross-functional security alignment with IT, Risk, Compliance, and Business stakeholders
- Support regulatory audits, certification processes, and cross-border compliance requirements
- Monitor remediation activities, ensuring ownership, accountability, and timely closure
Your Profile
- Bachelor’s or Master’s degree in Information Security, Informatics, Computer Science, or related technical field, or equivalent industry experience
- IT background with practical knowledge of infrastructure, networks, or application security
- 3+ years of experience in cybersecurity governance, compliance, or enterprise risk management
- Hands-on experience in security assessments of applications/projects and acting as InfoSec/Security SPOC in delivery teams
- In-depth knowledge of ISO 27001, NIS2, GDPR, and NIST CSF frameworks
- Experience with vendor/supply chain security is an advantage
- Familiarity with IT/OT security, audits, and certification readiness is a plus
- Exposure to physical security requirements in highly regulated environments desirable
- Certifications such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or CGEIT preferred
- Executive presence with ability to work closely with the CISO and business leaders
- Strong leadership and coordination skills across functions and hierarchies
- Excellent written communication in both Czech and English is a must
- Strategic mindset to translate business and risk issues into tangible implementation guidance for technical IT teams
- Strong analytical and problem-solving skills with sound risk judgement
- Self-motivation, discretion, and resilience in a dynamic, high-stakes environment
- Ability to embrace unfamiliar challenges, demonstrating persistence and the willingness to learn and contribute