Global ciso

The Client: Our Client is a private industrial group, backed by a leading international Private Equity. Headquartered in Italy, they are the market leader in the production of high-mix low-volume PCB (Printed Circuit Boards), with a manufacturing footprint across Europe, North America and Asia; they deliver tailor-made products for multiple sectors on a global scale.The product portfolio stands out for its advanced technology and high reliability, offering a comprehensive service that covers the entire product life cycle and customer needs.Position - The context:Following a recent acquisition, the group is undergoing significant transformation and strengthening programs. A key priority is enhancing cybersecurity across both ICT and ICS/OT domains. Collaborating with internal stakeholders and external advisors, the focus is on defining and executing a cybersecurity roadmap to establish a robust security posture and support the company's long-term objectives.Position – The role: The cybersecurity management system plays a pivotal role in safeguarding the organization's business assets and maintaining its resilience through proactive risk management, compliance adherence, and continuous improvement efforts.In this context, the new role of Global CISO (Chief Information Security Officer) is required. The CISO will report to the Global CIO and will have exposure to the Leadership Team, and will: 1) predominantly manage internal resources while simultaneously coordinating relationships with key external suppliers 2) ensure the cyber security posture within IT and OT aligns with group's ambitions.Position – Specific responsibilities:Leadership & GovernanceDevelop and implement a global information security strategy aligned with the company's business objectivesEstablish and maintain a global information security framework, i.e., policies, protocols, and procedures, that comply with relevant laws, regulations, and industry standardsEnsure effective communication and adherence of policies, protocols, and procedures across all regions, as well as compliance with the latest laws and regulations related to information security and privacyEnsure Compliance and Regulatory Adherence by meeting industry-specific regulations and cybersecurity standards (such as ISO/IEC 27001, NIST CSF, NIST SP 800-53, NIST SP 800-171, CMMC) to safeguard sensitive data and ensure business continuityProvide regular reporting on the current status of the Cyber Security program to senior business leaders and the board of directorsMonitor and report IT-Security Key Performance Indicators (KPIs) to track effectiveness and identify areas for improvementTeam & Budget ManagementManage the company's Cyber Security team across 7 countries, providing them with strategic direction and leadershipManage the budget for the information security function, monitoring and reporting discrepanciesRisk Management, Security Architecture & Security OperationsIdentify, assess, and mitigate cybersecurity risks associated with company operations, data assets, and technologies, including intellectual property protection and regulatory complianceConduct regular security audits and handle any breaches or security incidents that arise. Lead incident response efforts, both internal and external, during security breaches and develop, test, and improve response plans for timely and effective threat managementManage IT-Security Awareness Trainings to ensure staff understanding and adherence to security protocolsManage the security architecture of the GroupContinuously monitor emerging cybersecurity threats, technologies, and best practices to adapt and enhance the company's cybersecurity posture and resilience against evolving risksBusiness Alignment: Contribute to the overall technological strategy of the companyRequirements:Education and Certificates: Degree in Computer Science with at least one IT-Security Certificate (e.g., CISSP, CISM, CISA, ISO 27001 LA/LI). Academic studies with special focus on IT-Security or a Master in cybersecurity or additional IT-Security Certificate would represent a plusKnowledge and experience: proven experience of 10+ years in Information Security in Industrial/Manufacturing Industry with global footprint Strong preference for candidates with experience in the Aerospace, Defense, Medical market sectors and Electronics / Semiconductor industries. As a plus: Experienced in matrix organization, leading local IT Security OfficersExperience in sourcing and managing vendor relationships, staff and service providers across multiple countries, with expertise in information risk analysis, vulnerability assessment, incident response, and root cause resolution.Specific Technical skills - Excellent knowledge of NIST CSF (1.1 and 2.0), ISO2700x, ISO22301 and NIS 2. Other IT-Security Standards such as NIST SP 800-53, NIST SP 800-171, SA/IEC 62443 and Cyber related Certification such as CMMC 2.0, Cyber Essential Plus, Air Cyber would represent a plus. Understanding of relevant regulations such as GDPR, DPA, PIPL, PIPA.Cybersecurity Platforms & Tools: Experience with Training and Awareness platforms, Cyber Security Testing, Threat Detection and Response, Security Information and Event Management (SIEM) platformsAs a plus: Expertise in Vulnerability management tools, forensic analysis tools and methods, GRC ToolsIdentity, Access & Network Security: Proficiency in Identity and Access Management (IAM), Secure Access Service Edge (SASE), and Security Service Edge (SSE) platformsLeadership: result-oriented leadership, strong drive complemented by emotional intelligence to be perceived as a go-to-person.

Resilience and energy in acting as a game-changer while identifying with company values with strong sense of belonging. Able to lead and motivate both own and cross-functional teams, interdisciplinary project-teams, while managing resistances assertively.Communication: effective and mature communicator to create consensus 360; will be a listener and a creative problem solver, with superior analytical capabilities to identify and mitigate security risks, acting with business judgment to prevent – address – mitigate and resolve criticalities, with sense of urgency.Execution style: a thinker and a doer, with a mix of: 1) Ability to switch from Security governance to Security daily challenges with consistent progression on awareness, controls, security programs in order to operationalize all necessary actions according to diagnostic calibration; 2) Strong curiosity, crispy intellectual power and passion for advancing technical frontiers.Languages: Full proficiency in spoken and written Italian and English is a must.Proficiency in spoken and written French or German will be considered a plus.Location: Centre of Italy

---