Descrizione di posizione
Corporate Cyber Security Manager
Who we are
Amplifon is an Italian multinational company and the global leader in hearing care solutions and services for retail expertise, customization and consumer care. More than 16,000 professionals every day in a network of 11,000 points of sale / service centers / affiliates, give back the joy of hearing, feeling and living to thousands of people across the world.
In Amplifon we believe people are the most important component of our success. Thanks to our best-in-class Hearing Care Professionals and front and back office Teams, we are able to put the everyday taps, pops and splashes back into the lives of our customers. We believe that it’s only through strong investment in talent engagement, continuous professional development, support and recognition that our people can exceed every limit and build a fulfilling career.
What we are looking for
Reporting to the Global IT Operations & Enterprise Architectures Director, we are looking for a talented Corporate Cybersecurity Manager to oversee the company security.
The incumbent will be responsible to protect the Company from any cyber threats in compliance with corporate policies and regulations (eg. GDPR, HIPAA…), best practices (NIST, ISO, MITRE,etc ) and new/upcoming technologies (cloud, artificial intelligence, machine learning, etc), in coordination with our security partners.
He/she will be responsible to identify, evaluate and manage external threat sources, cyber risks, advanced persistent threats (APTs), insider threats and other suspicious or malicious behaviors; will analyses log event data with SOC; will guarantee the adoption of effective the security measures; will test preparedness and responsive capability of the security infrastructure. will oversee security reporting.
Key responsibilities including but not limited to:
- Management of IT security and IT risk (e.g., data systems, network and/or web) across the
- Address questions from internal and external audits and examinations.
- Develop policies, procedures and standards that meet existing and newly developed policy
- and regulatory requirements
- Facilitate IT security/risk training curriculum
- Serve as project manager/lead within IT security projects
- Promote awareness of applicable regulatory standards, upstream risks and industry best
- practices across the Company
What you'll need
- Bachelor’s Degree, Information Systems, Computer Science, Information Security or related
- field required
- 6/8 years IT security or information security experience with a proven ability to engage
- with Senior Management and regulators
- 4+ years experience in administering IT security controls in an organization
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT
- Security and IT Risk
- Experience with IPS/IDS and SIEM technologies
- Certified Information Systems Security Professional (CISSP), or related certification
- Prior experience working with regulatory agencies including OCC and/or FDIC preferred
- Project management skills preferred
- Prior experience performing security reviews and risk assessments preferred
Mandatory knowledge: framework and international standard of
- Information Security, IT Risk & Security Assessment, Governance & Compliance, Data Privacy/Data Protection
- international and local ICT and Cyber Risk regulations
- best practices (e.g. NIST, ISO, ,SOC Type I & Type 2 MITRE Att&ck)
- security software (i.e. SIEM, Identity & Access Governance, Data Security&Protection, IDS/IPS, Fraud Detection, Data Masking&Tokenization, PKI)
Forward-thinking interpersonal skills; you can persuasively express your point of view whether it’s through a written or face-to-face presentation
Some experience with identity and access management principals, architecture and security management or securing network and enterprise cloud applications.
In specific, knowledge of Cluod Platform (Microsoft Azure, Amazon Web Services (AWS), Oracle Cloud, Google Cloud Platform) and Security platform & solutions like IBM Qradar, Zscaler.
Proven implementation of cloud security models.