Information Security & Compliance Lead

About IMD

The International Institute for Management Development (IMD) has been pioneering leadership development for nearly 80 years. Founded by business for business, we are an independent university institute with Swiss roots and global reach. Operating from Lausanne with strategic hubs in Singapore, Shenzhen, and Cape Town, IMD works with 19,000+ executives from 120+ countries annually. Our 145,000+ alumni form a powerful global network. Consistently ranked among the world's top business schools, IMD bridges cutting-edge research with real-world application to help leaders solve problems, scale solutions, and drive impact. Real Learning for Real Impact.

To reinforce our team, we are looking for an

Information Security & Compliance Lead (100%)

The Job's mission

We are seeking an Information Security & Compliance Lead to strengthen our cybersecurity posture and ensure compliance with international standards such as ISO 27001, ISO 27701, and ISO 42001. This role plays a pivotal part in protecting our institution’s information assets, ensuring the confidentiality of data entrusted to us by clients, partners, and employees, and driving continuous improvement across security governance, risk management, and operational resilience.

In this position, you will oversee internal and external audits, lead incident and vulnerability management processes, manage relationships with suppliers and clients from a security standpoint, and develop the organization’s security awareness and readiness. You will also contribute to new security solution evaluations.

This is a unique opportunity to join a mission-driven institution where information security is a strategic priority. You will have direct impact on risk mitigation, operational excellence, and regulatory compliance, collaborating with teams across departments to embed a security-first culture.

Main responsibilities 

Governance and Compliance
•    Lead the annual ISO 27001 and ISO 27701 internal and certification/surveillance audits, ensuring timely remediation of findings.
•    Conduct security meetings with management, maintain policies and practices, and oversee annual updates.
•    Collaborate closely with the Data Protection Officer to ensure compliance with GDPR, LPD, and other relevant data protection regulations, aligning security practices with legal and regulatory requirements.
•    Compile security KPIs and dashboards, and report monthly to management and internal communications channels.
•    Perform ISO 42001 self-assessment and lead implementation of AI governance controls, leveraging collaboration with key stakeholders.
•    Oversee employee security awareness programs and perform regular phishing simulations, to foster a security-conscious culture.
•    Identify opportunities for new security tools and propose solutions in alignment with strategy and risk priorities.
•    Develop and manage the annual cybersecurity budget

Supplier & Client Security Management
•    Review and assess the security maturity of new supplier.
•    Answer client security queries in collaboration with Sales and Legal teams, ensuring consistent and transparent communication.

Incident Management
•    Investigate internal and external security incidents and ensure response procedures are followed, inclose coordination with the SOC and the IT teams
•    Further develop incident response processes and run tabletop simulations with senior management, technical teams, and key stakeholders to enhance incident response readiness

Vulnerability Management & Threat Intelligence
•    Review vulnerability scan results, assess severity, and ensure timely remediation in close collaboration with the IT teams.
•    Coordinate penetration testing and collaborate with stakeholders to track closure of findings.
•    Follow (OSINT) threat intelligence from various sources and act accordingly.

Formula for success 

Education:  
•    Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
•    Recognized security certifications such as CISM, ISO 27001 Lead Implementer/Auditor, or equivalent are a strong asset.

Experience:
•    Minimum 5 years of experience in information security management, compliance, or cybersecurity operations.
•    Proven experience leading ISO 27001 or equivalent certification programs.
•    Strong understanding of incident management, vulnerability management, and data protection principles.
•    Familiarity with third-party risk management.
•    Experience in managing security awareness programs and collaborating with multidisciplinary teams.
•    Excellent project management and reporting skills, with the ability to summarize complex risks for senior management.

Competencies
•    Analytical, structured, and risk-based approach to decision-making.
•    Effective communicator, skilled at adapting verbal and written communication for both technical stakeholders and senior management.
•    Proven ability to lead cross-functional initiatives and maintain governance rigor.
•    Strong attention to detail and documentation.
•    Proficient English, French is a plus.

How to apply

If you have the above skills and would like to work in our stimulating environment, please send your complete application file (letter of motivation and resume in English, copies of your work certificates and diplomas). 

If you’re a qualified candidate with a disability (such as dyslexia, sight and/or hearing disabilities, etc) and you need a reasonable accommodation in order to apply for this position, please specify it in your application. 

A valid Swiss work permit or Swiss or EU-25EFTA citizenship is required for this position.