Information Security Manager

Your opportunity

Performing activities related to information governance, risk, and compliance, ranging from managing cyber risks for the Group (including business processes, IT processes, and OT processes), assessing the security of new and existing solutions, defining and maintaining information security policies, processes, and procedures, to defining and operating information security dashboards. Additionally, supporting the Group in implementing the continuous improvement process for information security

Your Mission

• Operate the periodical risk assessment of cyber security risks in accordance with information security policies and procedures.
• Review the cyber security risk treatment plan.
• Check compliance with cyber security requirements.
• Performing cyber security risk assessment of new projects in compliance with group policies
• Support business function in define and implement security remediation plans
• Positively contribute to the establishment and maintenance of a robust security culture within the company. Conduct investigation interviews as required.
• Information security continuous improvement (security gaps identification, support to define remediation, improve the information security management system).
• Govern the account management process for both end user and administrators.
• Cyber security Incident management
• Follow all relevant security policies, processes, procedures and instruction to ensure security compliance in all aspects of work by applying them on self, others and organization assets.

Your Profile

• Master's or Bachelor's degree in relevant areas (preferred: technical, information security, IT studies);
• 7-12 years of experience in a GRC-related role, with experience in consulting companies being a plus.
• Experience in quantitative and qualitative risk analysis.
• Experience with major compliance audits and security guidelines (such as ISO 27001, ISO 22301, SOC 2, NIST framework, IEC 62443, NIS 2 Directive etc.).
• Ability to work with limited direction, usually within a complex and evolving environment, to drive the delivery of solutions.
• Experience in building and implementing risk programs.
• Experience in designing and implementing security dashboards (including security KPI definition, aggregation, collection, and analysis).
• Experience with GRC technologies. Experience in performing security reviews of applications (processes and technologies). Experience in project management of security projects.
• Excellent verbal, written, and interpersonal communication skills, suitable for both technical and non-technical audiences.
• Proficiency in English is required, fluency in French and Italian are considered plus
  Additional certifications such as ISO27001 LA, CCSP, CISSP, CISA, and similar qualifications  are considered plus.