ICT Information Security Compliance Analyst

15 hours ago

Florence, Tuscany, Italy · Ascom UMS · Full-time

We are…
A global solutions provider focused on Healthcare ICT and mobile workflow solutions. Headquartered in Switzerland, our business spans across 18 countries, and has been supporting the healthcare industry for close to 160 years by providing them with technology to enable them to support their communities.

At Ascom, our culture is built on four core values that guide how we operate every day. We are Customer focused, ensuring that the people who rely on our solutions always come first. We are Innovative, continually seeking new ways to improve how information flows and drives better decisions. We are Dedicated, going the extra mile to deliver secure, high-quality solutions. And we are Connected, fostering collaboration across teams and geographies to strengthen both our work and our impact.

Purpose
ICT Information Security Compliance Analyst is a position within the ICT group. The main purpose of this position is to ensure that Ascom constantly maintains a high security posture in digital environments to build innovative solutions in healthcare, while protecting these against cyber threats.

This position requires understanding and taking steps to mitigate risks and ensure the secure operation of the systems, servers, and network connections.

Role Overview
The ICT Information Security Compliance Analyst will assist in detecting, investigating, and defending against information security incidents targeting Ascom's infrastructure and data.

This includes ensuring that the organization's information systems comply with regulatory requirements, internal policies, and industry standards. This role also actively supports incident response activities to mitigate security threats and maintain compliance during and after incidents as part of the ICT Information Security team.

The applicant will also help analyze and resolve vulnerability issues in a timely and accurate manner, and support activity audits where required.

Job Focus Areas
Compliance & Governance

  • Monitor adherence to internal security policies, industry standards, and regulatory frameworks (e.g., GDPR, ISO 27001, NIS2, NIST).
  • Support internal and external audits, certification processes, and periodic compliance reviews.
  • Develop, maintain, and update compliance documentation, audit evidence, and control registers.
  • Collaborate with cross-functional teams to ensure proper implementation of security protocols and requirements.
  • Ensure security updates are in place across all systems, and perform security checks and troubleshooting activities.
  • Establish and maintain documentation standards to ensure traceability, quality, and serviceability of delivered security solutions.

Incident Response

  • Participate in the detection, analysis, and response to security incidents.
  • Contain, mitigate, and resolve security events efficiently.
  • Monitor network environments to identify suspicious activities, anomalies, or early signs of compromise.
  • Document incident activities and ensure compliance obligations are met during investigations.
  • Communicate system status, planned interventions, downtime, and relevant changes to stakeholders in a clear and timely manner.

Risk Management

  • Identify security and compliance risks, recommending corrective measures and mitigation strategies.
  • Support risk assessments, vulnerability management, and periodic evaluations of security controls.
  • Research emerging threats and the mitigations that can provide protection.
  • Proactively collaborate with business units to address security issues and strengthen architectures in hybrid and multi‑cloud environments.
  • Analyse network systems and infrastructure to ensure secure configurations and adherence to best practices.
  • Support third-party risk assessments and maintain compliance documentation repositories.

Training & Awareness

  • Promote information security awareness across the organization through training and engagement initiatives.
  • Ensure recurrent and periodic reviews are in place to test the accuracy and applicability of information security training against emerging threats.

Reporting

  • Prepare structured reports on security posture, compliance status, and incident response findings for management, auditors, and regulatory bodies.
  • Provide regular updates on security posture, improvements, and outstanding risk items.
  • Ensure documentation standards to preserve the traceability and serviceability of delivered security solutions.

Other duties as assigned

Required Competencies
Education

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Computer Engineering, Information Security, or a related field.
  • In the absence of a relevant degree, an additional 5 years of proven experience may be considered.

Professional Experience

  • 3-5+ years of experience in Information Security, with a focus on risk management, governance, and compliance.
  • Experience in ICT infrastructure, security controls, and enterprise technology environments.
  • Exposure to incident response processes, security operations, and associated tools.

Technical Knowledge

  • Strong understanding of Information Security Management Systems (ISMS) and control frameworks such as ISO 27001, NIST Cybersecurity Framework, NIS 2 Directive, and GDPR requirements.
  • Experience reviewing and interpreting security scan results and remediating vulnerabilities.
  • Familiarity with enterprise architectures, including network and system architecture, enterprise directory services, integration architecture, and Identity and Access Management (IAM).
  • Familiarity with security monitoring practices, basic forensic techniques, cloud security controls and hybrid-environment security architectures, and SIEM tools.

Regulatory & Risk Knowledge

  • Demonstrated understanding of data privacy laws and regulatory requirements.
  • Broad awareness of business-impacting security threats, detection methods, and risk assessment methodologies.

Security Principles & Best Practices

  • Solid understanding of security principles, cybersecurity lifecycle, and security software management best practices.

Certifications (Preferred)

  • CISM, CISA, CISSP
  • CompTIA Security+
  • GIAC GCIH (or similar incident response certifications)

About You
You are a professional who demonstrates strong technical expertise, collaboration skills, and a proactive mindset.

You Are/have

  • Knowledge of ICT security and infrastructure design, with the ability to confidently defend technical positions while remaining open to incorporating others' perspectives to refine solutions.
  • A good understanding of relevant ICT platforms, software, network architectures, and hardware components.
  • High ethical integrity, professionalism, and diligence in all assigned tasks.
  • A strong team-oriented attitude with excellent interpersonal and organizational abilities.
  • Effective communication skills and the ability to collaborate seamlessly within distributed and cross-functional teams.
  • A positive attitude, with a willingness to share knowledge and support colleagues.
  • Commitment to continuous learning and personal development.
  • Confidence in making informed decisions, even in ambiguous or evolving situations.
  • Strong analytical and problem-solving capabilities.
  • The ability to perform effectively under pressure.
  • Excellent time management skills, with the capacity to work both independently and under supervision when required.
  • Strong written and verbal communication skills.
  • Willingness to participate in on-call rotations in the event of a security incident or other emergencies, which requires a minimum of flexibility regarding working hours.

Work Environment
The work environment characteristics described here reflect the typical conditions encountered while performing the essential duties of this role.

Work Requirements

  • Adherence to all relevant Ascom Information Security policies and procedures related to Quality, Security, Safety, Business Continuity, and Environmental management systems.
  • Upholding company values and policies, including those relating to ethics, conduct, and workplace safety.
  • Ability to obtain and maintain the required security clearance (candidates must either be EU citizens or have been legally working within the EU for the past five years).
  • Occasional travel to Ascom locations or customer sites to support operations within required timeframes.
  • Flexibility to accommodate minor variations in working hours, including occasional scheduled weekend work for high-priority project deliverables or major incident support.
  • Occasional international travel as required; employees must possess valid travel documents and be able to obtain a US visa if necessary.

Language Requirements
Being fluent in English, both written and spoken, is a mandatory prerequisite, ensuring effective communication with international teams, stakeholders, and external partners.

Department
ICT

Location
Scandicci (Florence), Italy

Workplace Attendance Requirements
Hybrid setup: 4 on‑site days per week, plus 1 remote day upon successfully passing the probationary period.


