Position description
Valsoft's Edelweiss Software Group is seeking an experienced and business-savvy Head of Security to lead the information security function for several portfolios within a global holding organization composed of multiple diverse subsidiaries across industries, geographies, and risk profiles. This leader will be responsible for driving consistent, risk-aware, and efficient security practices across the group, and will play a pivotal role in adapting security programs to the nuanced needs of each subsidiary.
This role requires strategic leadership and hands-on execution. The Head of Security will collaborate closely with the global CISO, while directly supporting the group's leadership to ensure that security maturity evolves in alignment with the group's business goals.
Key responsibilities
Translate HQ’s baseline standards into a tailored security roadmap
Develop and maintain a security maturity model scaled to the subsidiaries’ size and complexity
Define tiers of subsidiaries by risk, industry, and data sensitivity to drive differentiated strategies
Create and maintain a library of group-level policies, templates, and standards (e.g., IR plan, password policy)
Facilitate adoption of policies across subsidiaries with appropriate localization
Establish and manage a policy update cadence with version control
Provide or recommend shared tooling across the group
Negotiate contracts with preferred security vendors and manage licensing agreements
Build lightweight security engineering support, whether internal or outsourced
Participate in M&A evaluations to assess the cybersecurity posture of targets
Advise investment teams on cyber risk exposure and hidden liabilities
Conduct annual or biannual security self-assessments across subsidiaries
Consolidate results into quarterly dashboards for group leadership and HQ
Publish and maintain a group-wide incident response playbook
Serve as the first escalation point for incidents at the subsidiary level
Coordinate post-incident reviews and group-level communication
Help subsidiaries pursue and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
Maintain a centralized view of compliance status across the group
Assist with customer and vendor security questionnaires and audits
Triage critical vulnerabilities and incidents across subsidiaries
Escalate material risks to HQ or group executives as needed
Maintain a group-wide risk register and coordinate prioritization
Requirements
Required/minimum qualifications
10+ years of experience in cybersecurity, with leadership roles across multiple business units or portfolio companies
Proven ability to work cross-functionally with engineering, operations, legal, and executive stakeholders
Deep familiarity with security standards and certifications (e.g., SOC 2, ISO 27001)
Demonstrated experience in multi-entity environments such as holding companies, private equity, or decentralized organizations
Strong communication, negotiation, and influencing skills
Preferred qualifications
Empathy for the business: understands startup vs. mature subsidiary dynamics
Influence without authority: excels at driving outcomes through relationships, not mandates
Operational fluency: balances strategic vision with hands-on delivery
Program management: leads repeatable assessments, tooling, and remediation efforts
Adaptability: able to flex approaches across subsidiaries with varying maturity
Why join us?
This is a high-impact leadership opportunity to build and shape a scalable security program across a dynamic and diverse group of companies. You'll work with forward-thinking executives, help safeguard innovative businesses, and collaborate with a global security team, all while enjoying flexibility and autonomy.
Ready to join a collaborative and innovative team where you can make an immediate impact?