Hi C***f, I’m J***e, an HR Recruiter at StrategyBrain. I came across your profile and was really impressed by your track record leading cyber security initiatives at a***e and your executive experience across tech and compliance roles. We’re partnering with S***p to hire a Chief Information Security Officer who will shape their enterprise-wide security strategy and drive security-by-design across a leading Swiss financial institution. Would you be open to a brief call to discuss this opportunity and see if it aligns with your career goals? Looking forward to your thoughts. Best regards, J***e HR Recruiter, StrategyBrain

Hi C***f, Great to hear you’re interested in the CISO role at S***p. I’d be delighted to share more about the opportunity and learn about your objectives. Would one of these slots work for a 20-minute call (CET)? • Wednesday, April 10 at 10:00 AM • Thursday, April 11 at 3:00 PM Here’s a quick rundown of the role to give you context: 1. Enterprise-wide strategy: You’ll design and execute a cybersecurity roadmap aligned to S***p’s business objectives and risk appetite,leveraging your experience at a***e and P***G in building high-impact security programs. 2. Leadership & culture: You’ll mentor a global security team, fostering innovation, growth and a strong security-by-design mindset across the organization. 3. Compliance & risk: You’ll own FINMA, GDPR and PSD2 compliance through risk assessments, audits and control frameworks,an area where your MAS in Compliance will be invaluable. 4. Digital transformation: You’ll partner with IT and Data Science teams to embed advanced analytics, AI and automation into secure digital initiatives. 5. Executive collaboration: You’ll work directly with the board and key stakeholders on strategic planning, M&A due diligence and go-to-market initiatives, driving business growth. S***p offers a clear path to the executive committee, a dedicated security budget, strong cross-functional support and competitive compensation (bonus plus long-term incentives). Please let me know which time suits you, or suggest an alternative. And if you have any initial questions about the role or company, feel free to share them,I’m happy to provide more detail. Looking forward to our conversation! Best regards, J***e HR Recruiter, StrategyBrain

Hi C***f, Great,Thursday, April 11 at 3:00 PM CET is confirmed. I’ll send over a calendar invite in a moment. As for your questions: 1. Team size: Today the global cybersecurity function is a lean group of about a dozen specialists spanning security operations, risk & compliance, architecture and incident response. As CISO, you’ll have full autonomy to scale and shape the team in line with S***p’s strategic objectives. 2. Remote/hybrid setup: S***p operates a flexible hybrid model,most senior leaders spend roughly 2,3 days per week in our Zurich office for key meetings and team touchpoints, and work remotely the remainder of the week. The company is quite accommodating of individual preferences, so there’s room to tailor your on-site/remote balance. Looking forward to diving deeper on Thursday! Best regards, J***e HR Recruiter, StrategyBrain

Hi C***f, Great question. For year one, S***p has earmarked a multi-million CHF security budget (in the low-single-digit millions) split roughly 60/40 between BAU operations (tooling, managed services, compliance audits) and strategic investments (team growth, automation/AI pilots, cloud hardening). This level is competitive within Swiss financials and gives you real firepower to accelerate maturity. As for first-mile priorities, you’d likely dive into: 1. A full risk-and-controls gap assessment across the estate to set your baseline and roadmap. 2. A focused FINMA/GDPR/PSD2 compliance audit to shore up any critical gaps and establish a continuous-control framework. 3. Embedding security-by-design in two major digital initiatives kicking off later this year (AI-driven analytics platform and cloud migration). 4. Upgrading identity & access management and incident-response playbooks to boost resilience. 5. Defining clear KPIs and a real-time dashboard for the exec board and audit committee. Of course, these will be refined once you’re on board,let me know any follow-up and we can dig into details on Thursday! Best, J***e

Hi C***f, Great questions,here’s what I can share ahead of Thursday: 1. Cloud hardening scope - Public cloud: AWS and Microsoft Azure are our primary platforms for production workloads (compute, storage, serverless). - Private cloud: We also maintain an on-prem VMware/OpenStack environment for certain regulated data sets. - Container/K8s: The scope extends to our Kubernetes clusters and IaC templates (Terraform/ARM) used in those environments. 2. AI analytics pilot timeline - Q2 (May,June): Finalize requirements, security architecture and vendor selection - Q3 (July,September): Run the initial proof-of-concept with secure data-ingestion pipelines and model validation - Q4 (October,December): Scale to a broader user base, integrate continuous monitoring and threat-model reviews With your proven track record at a***e and P***G in embedding security-by-design into cloud and analytics projects, you’ll be able to shape those controls from Day One. Let me know if you’d like any additional detail on tooling or specific workloads before our call. Looking forward to unpacking this on Thursday at 3 PM CET. Best, J***e

Hi C***f, Here’s a quick overview: 1. CSPM / IaC scanning - AWS: AWS Security Hub & Config rules, complemented by open-source IaC scanners (Checkov, tfsec) in our Terraform pipelines - Azure: Microsoft Defender for Cloud (formerly Azure Security Center) with Azure Policy, plus the same Checkov/tfsec integrations for ARM - OpenStack: We rely on native OpenStack compliance modules and a set of in-house DevSecOps scripts to enforce security controls 2. AI analytics pilot vendors We’ve shortlisted three providers that excel in both analytics capabilities and enterprise-grade security controls. I’ll send you the vendor names and a high-level comparison under our standard confidentiality agreement,either later today or ahead of our call. Let me know if you’d like that pre-read before Thursday’s discussion. Looking forward to unpacking this further! Best regards, J***e HR Recruiter, StrategyBrain