Global Cyber Security Tech Manager

Who we are

Amplifon is an Italian multinational company and the global leader in hearing care solutions and services for retail expertise, customization and consumer care. More than 17,000 professionals every day in a network of 11,000 points of sale / service centers / affiliates, give back the joy of hearing, feeling and living to thousands of people across the world.

In Amplifon we believe people are the most important component of our success. Thanks to our best-in-class Hearing Care Professionals and front and back office Teams, we are able to put the everyday taps, pops and splashes back into the lives of our customers. We believe that it’s only through strong investment in talent engagement, continuous professional development, support and recognition that our people can exceed every limit and build a fulfilling career.

Reporting to the Global Cybersecurity Manager, we are looking for a talented Corporate Cybersecurity Technology Specialist to oversee the company security.

The Corporate Cybersecurity Technology Specialist's job is composed of a variety of activities, including very tactical, operational, and strategic activities in support of the Security program initiatives, such as

• Strategic support
• Security liaison
• Architecture / engineering support
• Operational support

The incumbent will be responsible to protect the Company from any cyber threats in compliance with corporate policies and regulations (eg. GDPR, HIPAA ), best practices (NIST, ISO, MITRE, etc ) and new / upcoming technologies (cloud, artificial intelligence, machine learning, etc), in coordination with our security partners.

Moreover, he / she will be responsible for defending against cyber security incidents, as well as identifying, analyzing, communicating and containing these incidents when they occur.

He / she will be responsible to identify, evaluate and manage external threat sources, advanced persistent threats (APTs), insider threats and other suspicious or malicious behaviours; will analyse log event data with SOC; will guarantee the adoption of effective the security measures; will test preparedness and responsive capability of the security infrastructure.

• Liaison with the SOC to support threat hunting, detection, response, and to remediates active attacks on enterprise assets.
• Provide security protections and monitoring for sensitive enterprise data in any format or location
• Leverage threat Intelligence to obtain context and actionable insights on potential threats to empower the organization in making data-driven decision
• Support the development of the security architecture translating the organization’s business and assurance goals into a security vision, providing documentation and diagrams to guide technical security decisions. The scope considers identity-centric security solutions for cloud assets, cloud-based security solutions,
• Support the integration of security controls into development processes.
• Manage and coordinate operational components of incident management, including detection, response and reporting.
• Serve as project lead within IT security projects
• Support the IT Operation functions to protection data center / cloud infrastructure, network components, and user endpoint devices.

• Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required
• years IT security or information security experience
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
• Certified Information Systems Security Professional (CISSP), or related certification
• Project management skills preferred
• Desired prior Detection & Response experience, e.g., on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Mandatory knowledge : framework and international standard of Information Security, IT Risk & Security Assessment, Governance & Compliance, Data Privacy / Data Protection
• International and local ICT and Cyber Risk regulations
• Best practices (e.g. NIST, ISO 27001, SOC Type I & Type 2 MITRE Att&ck)
• Security tools (i.e. SIEM, Identity & Access Governance, Data Security&Protection, IDS / IPS, Fraud Detection, Data Masking&Tokenization, PKI)
• In specific, knowledge of Cloud Platform (Microsoft Azure, Amazon Web Services (AWS), Oracle Cloud, Google Cloud Platform) and Security platform & solutions like IBM Qradar, Zscaler.
• Forward-thinking interpersonal skills: you can persuasively express your point of view whether it’s through a written or face-to-face presentation.

Note: This reflects the information provided and excludes extraneous boilerplate such as the trailing line “Recruiting Organization Description.”