IT

Information Security Officer - Governance & CISO Office

Praha - 100% | Permanent

Role type: Permanent | Location: Prague, Czech Republic | Model: Hybrid | Level of travel: ~5%

Our Company

Alpiq is one of Switzerland’s leading electricity producers and a key energy services provider across Europe. Headquartered in Lausanne and powered by a strong portfolio of hydropower, nuclear, and renewable energy sources, we’re all about impact, for the climate, for people, and for the security of supply.

More than 1,300 colleagues from nearly 60 nationalities bring their energy to a shared purpose: Together for a better climate and an improved security of supply.

We work in a values-driven culture shaped by trust, curiosity, and respect. Our 4 company values have been co-created with our employees and are embedded in everything we do as a company:

“We are ALP1Q” - reflects our team spirit

“We learn and grow together” - we have courage

“We share the steering wheel” - we take ownership

“We focus on the outcome” - your impact matters

At Alpiq, your energy matters!

Mission

The Information Security Officer – Governance & CISO Office plays an important role in Alpiq’s cybersecurity strategy by enabling governance, ensuring regulatory readiness, and driving ISMS maturity. Reporting directly to the CISO, this role includes developing policies, standards and procedures, conducting NIS2 gap analysis, and acting as the information security SPOC for selected projects and new applications. The role ensures that security policies, standards, and frameworks are effectively implemented across all business units, enabling Alpiq to balance compliance, operational resilience, and innovation.

Are you looking to make an impact in the energy sector? Become part of Alpiq - your energy matters!

Your main responsibilities

  • Conduct NIS2 and other compliance assessments, with a specific focus on CZ legal and regulatory requirements
  • Develop, operationalise, and maintain Alpiq’s information security governance framework, aligned with ISO 27001, NIS2, GDPR, and NIST CSF
  • Create and maintain security artifacts including policies, standards and procedures, ensuring certification readiness and continuous improvement
  • Act as the InfoSec SPOC for selected business and IT projects, embedding security into project lifecycles and delivery processes
  • Assess new applications and technology initiatives for security posture, compliance, and governance alignment
  • Define, update, and enforce security policies, directives, and standards; ensure traceability and consistent implementation across the organisation
  • Coordinate cross-functional security alignment with IT, Risk, Compliance, and Business stakeholders
  • Support regulatory audits, certification processes, and cross-border compliance requirements
  • Monitor remediation activities, ensuring ownership, accountability, and timely closure

Your Profile

  • Bachelor’s or Master’s degree in Information Security, Informatics, Computer Science, or related technical field, or equivalent industry experience
  • IT background with practical knowledge of infrastructure, networks, or application security
  • 3+ years of experience in cybersecurity governance, compliance, or enterprise risk management
  • Hands-on experience in security assessments of applications/projects and acting as InfoSec/Security SPOC in delivery teams
  • In-depth knowledge of ISO 27001, NIS2, GDPR, and NIST CSF frameworks
  • Experience with vendor/supply chain security is an advantage
  • Familiarity with IT/OT security, audits, and certification readiness is a plus
  • Exposure to physical security requirements in highly regulated environments desirable
  • Certifications such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or CGEIT preferred
  • Executive presence with ability to work closely with the CISO and business leaders
  • Strong leadership and coordination skills across functions and hierarchies
  • Excellent written communication in both Czech and English is a must
  • Strategic mindset to translate business and risk issues into tangible implementation guidance for technical IT teams
  • Strong analytical and problem-solving skills with sound risk judgement
  • Self-motivation, discretion, and resilience in a dynamic, high-stakes environment
  • Ability to embrace unfamiliar challenges, demonstrating persistence and the willingness to learn and contribute

Your benefits

  • Competitive salary package: Market-oriented salary
  • Training and development: Diverse opportunities for career growth
  • Flexible work models: Various flexible work models

Inclusion is at the heart of Alpiq

At Alpiq, we are committed to creating an inclusive work environment, where everyone can bring their ‘whole selves’ to work and feel valued, respected, and heard. This principle is central to our company’s purpose, values, and leadership approach. We strongly believe that organizations thrive through the inclusion of diversity. Everyone’s energy matters regardless of characteristics, such as age, gender, nationality, language, sexual orientation and identity, religion, social or ethnic background or any other personal traits.

Data protection

At Alpiq, data privacy is an important topic. Please therefore take note of the corresponding Privacy Notice that appears in the online application form and explains in detail the purpose for which we process your personal data. It is of great concern to us to inform you as transparently as possible and process your data only in a fair manner.