Cyber Governance Risk & Compliance Specialist
Who we are
Amplifon is an Italian multinational company and the global leader in hearing care solutions and services for retail expertise, customization and consumer care.
Every day, more than 17,000 professionals in a network of 11,000 points of sale / service centers / affiliates give back the joy of hearing, feeling and living to thousands of people across the world.
In Amplifon we believe people are the most important component of our success.
Thanks to our best-in-class Hearing Care Professionals and front and back office Teams, we are able to put the everyday taps, pops and splashes back into the lives of our customers.
We believe that it's only through strong investment in talent engagement, continuous professional development, support and recognition that our people can exceed every limit and build a fulfilling career.
What we are looking for
We are looking for a talented Corporate Cybersecurity Governance, Risk & Compliance Specialist, reporting to the Global Cybersecurity Manager, to oversee the company's security.
The Corporate Cybersecurity Governance, Risk & Compliance Specialist's job comprises a variety of tactical, operational and strategic activities in support of the Security program initiatives, such as:
- Strategic support
- Security liaison
- Architecture/engineering support
- Operational support

The incumbent will be responsible for protecting the Company from cyber threats in compliance with corporate policies and regulations (e.g. GDPR, HIPAA), best practices (NIST, ISO, MITRE, etc.) and new/upcoming technologies (cloud, artificial intelligence, machine learning, etc.), in coordination with our security partners.
He/she will be responsible for identifying, evaluating and managing external threat sources and cyber risks; will guarantee the adoption of effective security measures; will test the preparedness and responsiveness of the security capabilities; and will oversee security reporting.
Key responsibilities include, but are not limited to:
- Develop security policy and standards to guide security decisions within the organization and inspire change
- Ensure that the organization is compliant with regulatory requirements and internal policies
- Create a project plan to achieve ISO 27001 compliance by working with a consultant partner
- Review and assess the results of ISO 27001 compliance assessments, controls, and processes; then recommend, document, and monitor the implementation of any prescribed corrective actions
- Serve as project lead on IT security projects, including project plans and remediation efforts
- Assist with presentations to management and enterprise committees
- Build on existing security processes and focus on continuous monitoring to support the improvement of the organization's security posture, including the branches
- Define actions to protect the organization from inadvertent human mistakes and malicious insider actions
- Facilitate the IT security/risk training curriculum
- Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the Company
- Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making the changes necessary to address deficiencies
- Address questions from internal and external audits and examinations
What you'll need
- Bachelor's Degree in Information Systems, Computer Science, Information Security or a related field required
- 5+ years of IT security or information security experience with a proven ability to engage with Senior Management and regulators
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
- ISO 27001 Lead Auditor or related certification preferred
- Project management skills preferred
- Prior experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)

Mandatory knowledge: frameworks and international standards of:
- Information Security, IT Risk & Security Assessment, Governance & Compliance, Data Privacy/Data Protection
- International and local ICT and Cyber Risk regulations
- Best practices (e.g. NIST, ISO 27001, SOC Type 1 & Type 2, MITRE ATT&CK)
- Security tools (i.e. SIEM, Identity & Access Governance, Data Security & Protection, IDS/IPS, Fraud Detection, Data Masking & Tokenization, PKI)

Forward-thinking interpersonal skills: you can persuasively express your point of view, whether through a written or a face-to-face presentation.
Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.