Your mission

As our Junior Information Security Associate, you will drive key parts of our governance, risk, and compliance (GRC) program in a regulated fintech environment. You’ll own recurring GRC processes end-to-end (such as evidence cycles, control testing, risk workflows), partner with control owners across the business, and help keep us continuously audit-ready. You’re hands-on, independent, and able to translate requirements into practical controls, while knowing when to escalate and when to simplify.

What you’ll do 

• Governance & control framework ownership: Own and maintain parts of the ISMS; ensure policies/standards are implemented in a measurable way; support security-by-design governance for new initiatives.
• Assurance & audit execution: Plan and run audit readiness activities (ISO 27001/SOC 2/internal audit/regulatory requests): timelines, evidence plans, stakeholder coordination; review evidence for quality (period coverage, completeness, traceability), challenge gaps, and drive remediation with control owners; draft clear, consistent responses to auditors and internal stakeholders; maintain an action plan and verify closure.
• Risk management: Facilitate risk assessments for systems/projects/vendors with appropriate depth; document outcomes and treatment plans; maintain the risk register quality; identify systemic themes (repeat findings, control weakness patterns) and propose improvements to reduce residual risk.
• Third-party risk & compliance enablement: Lead parts of third-party risk management: due diligence reviews, tracking remediation commitments, and supporting security contractual requirements; Partner with Procurement/Legal/Business owners to ensure proportionate security requirements for vendors (especially critical service providers).
• Control testing & continuous improvement: Execute control design/operating effectiveness testing for a defined control set; document results and recommend improvements; produce GRC reporting and metrics for leadership (audit status, overdue actions, risk trends, control health indicators); improve GRC workflows through templates, playbooks, automation, and tooling (where applicable).

Who you are 

• You’re proactive and ownership-driven: you don’t wait to be told what’s missing; you spot gaps and fix them.
• You can balance rigor with pragmatism, applying controls proportionate to risk and business criticality.
• You write clearly and persuasively, especially when documenting controls, risks, and audit responses.
• You’re comfortable challenging constructively; asking “show me” and improving evidence and control quality without being obstructive.
• You’re collaborative and calm under deadline pressure (audits, regulator requests, and escalations).

Hilti Fieldwire, Inc.'s affiliate is hiring. This position is an opportunity to join the Hilti AG team in Schaan Liechtenstein. The candidate selected for this position will be a Hilti AG team member. If interested, please complete our application.

What’s the Role?

We are seeking a highly skilled and experienced Head of Information Security and GRC to join our team at Hilti Corporation, a leading provider of Construction Software (SW) solutions. Head of Information Security and GRC is a Line of Defense 1 role and will be responsible for defining and implementing our Construction SW security program, ensuring compliance with legal and regulatory requirements, and leading our Construction SW security team and the Product BISOs. This role requires a strategic thinker with strong leadership and communication skills, as well as in-depth knowledge of security protocols, technologies, and standards.

Who is Hilti?

We develop and provide leading-edge tools, technologies, software, and services for the global construction industry. With more than 30,000 team members in 120+ countries and a culture rooted in performance, innovation, and care, Hilti offers unmatched career opportunities across borders and disciplines.

What Does the Role Involve?

As a Head of Information Security and GRC, you will:

• Develop and implement Hilti’s Construction SW security program. 
• Lead and oversee the Construction SW security team and the Product BISOs.
• On top, act as Product BISO for On!Track.
• Identify and assess product security risks and threats.
• Implement security policies and procedures.
• Ensure compliance with legal and regulatory requirements.
• Collaborate with other executives to integrate security measures into business processes.
• Report to management on security incidents and measures.
• Work closely with other Information Security Officers within Hilti, the Product BISO community and the Group CISO.
• Shape the further development of the ISMS and implement regulatory, organizational, and technical security requirements.
• Analyze regulatory and legal developments (e.g., CRA, NIS2, EU AI data act), translate these into actionable requirements, and oversee their implementation.
• Independently manage business projects related to information and product security, from requirements to implementation.
• Take responsibility for specific security topics such as Cloud & AI Security or technical risk analyses within the BU.
• Contribute to the continuous improvement of the security architecture, the ICS, and the ICT & cyber risk management for Construction SW.
• Own and maintain BU CSW SOC2 certification and support Group ISO27001 certification
• Coordinate internal and external audits in the field of information security and support the implementation of the resulting measures.

What do we offer?

• A strategic seat at the table with senior leaders, board exposure, and influence across a rapidly growing business unit.
• The opportunity to work from our global headquarters, surrounded by mountain views, modern workspaces, healthy food options, and in-house fitness facilities.
• Relocation support for candidates across Europe, or flexible commuting options for those based in Switzerland or Austria.
• Access to Hilti's global talent development programs, career mobility, and the chance to make an impact far beyond one BU.
• Flexible work arrangements, e-bikes, parking, and on-site daycare to support your full life-not just your work life.

What do you need?

• Master’s degree in computer science, Information Technology, Information Security, Cybersecurity, or a related field. PhD degree preferred. 
• Several years of experience in a leadership position in SW/IT security. 
• Multiple years of experience in information security, including being in decision-taking roles. 
• In-depth knowledge of security protocols, technologies, and standards (e.g., ISO 27001, SOC2, NIST). 
• Experience in developing and implementing security programs. 
• Certifications such as CISSP, CISM, CISA, or equivalent are advantageous. 
• Proficiency in security frameworks, risk management, incident response, and security architecture. 
• Excellent analytical and problem-solving skills. Ability to assess risks and develop mitigation strategies. 
• Strong leadership skills. Demonstrate assertiveness. 
• Strong written and verbal communication skills. Ability to convey complex security concepts to non-technical stakeholders. 
• Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies. 
• High level of integrity and ethical standards. Commitment to protecting the Construction SW’s information assets.
• Technical understanding in areas such as Cloud & AI Security, IAM, Endpoint Security, Data Security, SDLC, DevSecOps, Application Security. 

Why should you apply?

• You'll have exposure to senior executives and make decisions that shape the future of our digital business.
• You’ll be challenged-and supported-to grow beyond your current level into a broader global leadership career.
• This is a chance to build something lasting: a stronger, smarter finance foundation for the next phase of Hilti's software expansion.

Please note: This role is based in Schaan Liechtenstein. We offer relocation support for candidates across Europe and a flexible hybrid work model-allowing you to split your time between the office and working from home.

Your mission

As an Information Security Senior Specialist, you will lead and scale major elements of our security governance in a regulated fintech environment. You’ll own complex, cross-functional GRC domains (e.g., ISMS/ISO 27001 at scale, regulatory readiness, enterprise technology risk, third-party risk for critical vendors, compliance in key partnerships), drive measurable improvement in control effectiveness, and act as a trusted advisor to senior stakeholders.

What you’ll do

• Information Security Operating Model & GRC Ownership: Own and evolve one or more GRC domains end-to-end (e.g., ISMS operations, BCM, risk governance), including strategy, annual plan, cadences, and success metrics. Drive control rationalization and proportionality: tighten controls for critical/regulated assets and streamline low-risk areas to ensure an efficient, risk-aligned posture.
• Risk Management & Strategic Decision Support: Facilitate and challenge high-impact risk assessments (new products, major architectural changes, critical vendors), ensuring consistency and defensible rationale. Drive risk treatment at scale: align owners, negotiate timelines, track commitments, and escalate where residual risk remains above appetite.
• Audit, Assurance & Continuous Control Testing: Lead complex audits and assessments end-to-end (multi-entity, regulator-facing), including readiness, walkthroughs, and remediation. Design and run a risk-based control testing program to identify weaknesses and drive durable remediation (process fixes, automation, tooling) while translating regulatory requirements into structured internal work programs.
• Third-Party Risk & Critical Supplier Oversight: Set due diligence depth and ongoing monitoring requirements for critical suppliers (e.g., cloud, payments, identity, SaaS); partner with Procurement/Legal on security contract requirements to ensure enforceable obligations and measurable oversight across the supply chain.
• Enablement & Leadership through Others: Mentor Specialists, Associates, and Senior Associates; set quality standards for documentation, evidence, and stakeholder engagement. Act as a “GRC translator” for engineering and operations teams, helping them implement requirements efficiently and consistently across the organization.

Who you are 

• Typically 6–10 years of experience in information security GRC, audit/assurance, risk management, compliance, or adjacent security roles.
• Proven track record leading audits/assessments and driving remediation across multiple teams and systems.
• Strong working knowledge of ISO 27001 and DORA (and/or SOC 2 / PCI DSS / NIST) with ability to design controls, define evidence, and test effectiveness.
• Strong understanding of technology risk across cloud, IAM, SDLC governance, incident management, vulnerability management, logging/monitoring, and third-party risk.
• Excellent written and verbal communication; able to produce executive-ready materials and auditor-facing narratives.