Cyber Security Manager

OTB is an international fashion group comprising the iconic, unconventional brands Diesel, Jil Sander, Maison Margiela, Marni and Viktor Rolf. It also controls the Staff International and Brave Kid companies and holds a stake in American brand Amiri. OTB – short for “Only The Brave” – believes in the possibility of pushing beyond the frontiers of fashion and style to support the creativity of international talents and express in full the innovative spirit and uncompromising courage of its founder and chairman, Renzo Rosso. With more than 7,000 employees worldwide, the Group is founded on a digital approach centred on the consumer, a concrete long‑term commitment to the creation of a sustainable, technologically driven business, and close attention to social issues through the OTB Foundation.

OTB Spa is looking for a Cyber Security Manager to join its IT Corporate Department, within the Infrastructure & Operations division, reporting directly to the Infrastructure & Operations Director. The Cyber Security Manager will oversee all Cyber Security related activities within the OTB group.

• Coordinate Security Team Member in charge of:
  • Managing and operating the L7 security tool such as EDR, EPP, WAF, IDS/IPS, SWG.
  • Managing, configuring, patching, monitoring and finetuning Vulnerability & Application Scanning products.
  • Setting security configuration standards for IT systems (e.g., operating system hardening, Cloud Security etc.).
  • Detecting and responding to cyber security threats.
  • Performing security incident evidence gathering, evaluations, remediation, review and analysis.
• Interact with External SOC and apply any suggested recommendation / remediation.
• Support the definition, development and monitoring of the OTB Group's cybersecurity strategy, ensuring alignment with risks and business priorities.
• Support all the activities necessary to keep compliance with all major industry regulations (NIS2, GDPR, ISO 27001, national and European regulations).
• Conduct research of new security technologies in order to identify and establish good security governance.
• Work with other departments in order to define, maintain and update Information Systems Security policies, procedures, and practices.
• Support the third‑party risk assessment process to rate third party involved in data processing.

• Degree in Computer Science, Engineering, Telecommunications, Economics.
• At least 8 years of experience in Cyber Security.
• Familiarity with the NIST Cybersecurity Framework and a threat intelligence framework such as MITRE ATT&CK.
• In‑depth knowledge of the main regulatory frameworks and international reference standards (NIS2, GDPR, ISO 27001, national and European regulations).
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS GSEC, Certified Ethical hacker or other similar credentials, is highly desired.
• In‑depth understanding of vulnerabilities management systems and common security applications.
• Hands‑on experience and knowledge on technologies: Firewall, WAF, VPN, IDS/IPS, EDR, EPP, DLP, SWG, CASB, NAC, IAM.
• Experience with penetration testing, vulnerability scanning, SIEM, SOAR, patch management solution, data leakage solution, DDOS prevention, DNS Security, Cloud Security.
• Proved experience with supporting an environment that includes Microsoft Windows, UNIX, Macintosh OSX, Linux and mobile operating systems.
• Good influencing and project management skills.
• Experience working with multiple stakeholders from different functions and different organizational levels.