Global CISO

The Client:

Our Client is a private industrial group , backed by a leading international Private Equity.

Headquartered in Italy, they are the market leader in the production of high-mix low-volume PCB (Printed Circuit Boards), with a manufacturing footprint across Europe, North America and Asia; they deliver tailor-made products for multiple sectors on a global scale.

The product portfolio stands out for its advanced technology and high reliability, offering a comprehensive service that covers the entire product life cycle and customer needs.

Position - The context:

Following a recent acquisition, the group is undergoing significant transformation and strengthening programs. A key priority is enhancing cybersecurity across both ICT and ICS/OT domains. Collaborating with internal stakeholders and external advisors, the focus is on defining and executing a cybersecurity roadmap to establish a robust security posture and support the company's long-term objectives.

Position – The role:

The cybersecurity management system plays a pivotal role in safeguarding the organization's business assets and maintaining its resilience through proactive risk management, compliance adherence, and continuous improvement efforts.

In this context, the new role of Global CISO (Chief Information Security Officer) is required. The CISO will report to the Global CIO and will have exposure to the Leadership Team, and will: 1) predominantly manage internal resources while simultaneously coordinating relationships with key external suppliers 2) ensure the cyber security posture within IT and OT aligns with group's ambitions.

Position – Specific responsibilities:

Leadership & Governance

Develop and implement a global information security strategy aligned with the company's business objectives

Establish and maintain a global information security framework, i.e., policies, protocols, and procedures, that comply with relevant laws, regulations, and industry standards

Ensure effective communication and adherence of policies, protocols, and procedures across all regions, as well as compliance with the latest laws and regulations related to information security and privacy

Ensure Compliance and Regulatory Adherence by meeting industry-specific regulations and cybersecurity standards (such as ISO/IEC 27001, NIST CSF, NIST SP 800-53, NIST SP 800-171, CMMC) to safeguard sensitive data and ensure business continuity

Provide regular reporting on the current status of the Cyber Security program to senior business leaders and the Board of Directors

Monitor and report IT-Security Key Performance Indicators (KPIs) to track effectiveness and identify areas for improvement

Team & Budget Management

Manage the company's Cyber Security team across 7 countries, providing them with strategic direction and leadership

Manage the budget for the information security function, monitoring and reporting discrepancies

Risk Management, Security Architecture & Security Operations

Identify, assess, and mitigate cybersecurity risks associated with company operations, data assets, and technologies, including intellectual property protection and regulatory compliance

Conduct regular security audits and handle any breaches or security incidents that arise. Lead incident response efforts, both internal and external, during security breaches and develop, test, and improve response plans for timely and effective threat management

Manage IT-Security Awareness Trainings to ensure staff understanding and adherence to security protocols

Manage the security architecture of the Group

Continuously monitor emerging cybersecurity threats, technologies, and best practices to adapt and enhance the company's cybersecurity posture and resilience against evolving risks

Business Alignment: Contribute to the overall technological strategy of the company

Requirements:

Education and Certificates:

• Degree in Computer Science or equivalent experience with at least one IT-Security Certificate (e.g., CISSP, CISM, CISA, ISO 27001 LA/LI). Academic studies with special focus on IT-Security or a Master in cybersecurity or additional IT-Security Certificate would represent a plus

Knowledge and experience:

• 10+ years' experience in Information Security in Industrial/Manufacturing Industry with global footprint
• Strong preference for candidates with experience in the Aerospace, Defense, Medical market sectors and Electronics / Semiconductor industries
• As a plus: Experienced in matrix organization, leading local IT Security Officers
• Experience in sourcing and managing vendor relationships, staff and service providers across multiple countries, with expertise in information risk analysis, vulnerability assessment, incident response, and root cause resolution.

Capabilities:

• Results-oriented leader, strong drive complemented by emotional intelligence to be perceived as the go-to-person. Resilience and energy in acting as a game-changer while identifying with the company values and creating a strong sense of belonging. Able to lead and motivate both own and cross-functional teams and interdisciplinary project-teams, while managing resistance effectively.
• Effective and mature communicator to create 360 consensus; will be a listener and a creative problem solver, with superior analytical capabilities to identify and mitigate security risks, acting with business judgment to prevent, address, mitigate and resolve criticalities, with a sense of urgency.
• Execution style: a thinker and a doer, with a mix of:
• Ability to switch from Security governance to daily challenges with consistent progression on awareness, controls and security programs in order to operationalise all necessary actions according to diagnostic calibration
• Strong curiosity, crispy intellectual power and passion for advancing technical frontiers.

Specific Technical skills:

• Excellent knowledge of NIST CSF (1.1 and 2.0), ISO2700x, ISO22301 and NIS 2. Other IT-Security Standards such as NIST SP 800-53, NIST SP 800-171, SA/IEC 62443 and Cyber related Certification such as CMMC 2.0, Cyber Essential Plus, Air Cyber would represent a plus.
• Understanding of relevant regulations such as GDPR, DPA, PIPL, PIPA.
• Cybersecurity Platforms & Tools: Experience with Training and Awareness platforms, Cyber Security Testing, Threat Detection and Response, Security Information and Event Management (SIEM) platforms
• As a plus: Expertise in Vulnerability management tools, forensic analysis tools and methods, GRC Tools
• Identity, Access & Network Security: Proficiency in Identity and Access Management (IAM), Secure Access Service Edge (SASE), and Security Service Edge (SSE) platforms

Languages: Full proficiency in spoken and written Italian and English is a must.

Proficiency in spoken and written French or German will be considered a plus.

Location: Centre of Italy