Implement the standard Barilla cybersecurity practice in his / her own Region, in accordance with the given framework
Ensure that cybersecurity policies and procedures are practically applied at local level, in compliance with Corporate policies and industry standards (e.g. ISO / IEC 27001, ISA / IEC 62443).
Maintain and improve a local cybersecurity practice, leveraging the contribution of local IT colleagues, based on Barilla framework and leading international standards (e.g. ISO 27001).
Ensure that given reference security architectures are applied by local IT and oversee the agreed improvements at Regional level.
Implement initiatives for cybersecurity awareness in each Region, in partnership with local IT for execution.
Implement continuous improvement, monitoring and remediation in Regional cybersecurity
Perform regular assessments of local cybersecurity posture, interacting with local IT colleagues, and related evaluation of findings for prioritization.
Interact with Internal Audit in auditing activities related to information security in own Region.
Coordinate and execute remediation of vulnerabilities in Regional systems, by direct action or by instructing local IT colleagues; in case of complex remediation, contribute to the design of technical requirements and specifications.
Lead the local execution of continuous improvement cycles in cybersecurity solutions and related risk treatment plans.
Enforce Security by design and oversee protection solutions locally
Ensure that a security by design approach is practically applied in all Regional IT projects, interacting with both local IT and external partners.
Ensure that changes and maintenance of Regional systems include a component of cyber compliance, and all cyber requirements and preliminary checks are performed by project managers and / or local IT.
Perform the extension / adoption of basic detection / protection solutions at Regional level : log management (SIEM), intrusion prevention, endpoint protection, central system patching, etc.
Manage local cyber protection platforms, or the Regional portion of global cyber protection solutions in place.
Implement local incident response
In cooperation with local IT, derive local (at Regional and country level) cyber incident response plans from global incident response procedures.
In case of cyber incident involving a local subsidiary, coordinate response activities between central cybersecurity and local IT, and cooperate with local IT (or partners) as first responder in executing tasks for remediation and recovery.
Be part of the cybersecurity international community.
Be an internal reference point to local IT colleagues for cybersecurity matters, information security Corporate policies, standards and methodologies.
Distribute news and relevant content about cyber security at Regional level, in particular across the local IT community.
4 years in compatible areas (cybersecurity, IT compliance, IT risk management, system integration) in a structured company environment with international cooperation.
Bachelor’s Degree or national equivalent. Preferred areas : information technology, ICT engineering, computer science, information security, security governance.
Certifications according to one or more of the following frameworks are strongly advised : GICSP, CSSA, CEH, CISSP, CISM, Security+, ISO 27001, ISA 62443, ITIL, CAP, SANS, NIST 800 series, project management (PMP, PRINCE2).
A proficient level in professional English is paramount. Proficiency in the language of the country where he / she will be based is strongly recommended.
Good technical background in the following areas, and related technological solutions : IT Asset Management, Identity & Access Management, Network Security, Endpoint Protection, Security Operations, Secure Software Development Lifecycle, Data Protection, Infrastructure /