Global CISO (Chief Information Security Officer)

Bolzano
EUR 110.000 - 125.000
3 days ago
Job description

Global CISO (Chief Information Security Officer)

The Client: Our Client is a private industrial group, backed by a leading international Private Equity firm. Headquartered in Italy, they are the market leader in the production of high-mix low-volume PCBs (Printed Circuit Boards), with a manufacturing footprint across Europe, North America, and Asia; they deliver tailor-made products for multiple sectors on a global scale. The product portfolio stands out for its advanced technology and high reliability, offering a comprehensive service that covers the entire product life cycle and customer needs.

Position – The context: Following a recent acquisition, the group is undergoing significant transformation and strengthening programs. A key priority is enhancing cybersecurity across both ICT and ICS/OT domains. Collaborating with internal stakeholders and external advisors, the focus is on defining and executing a cybersecurity roadmap to establish a robust security posture and support the company’s long-term objectives.

Position – The role: The cybersecurity management system plays a pivotal role in safeguarding the organization's business assets and maintaining its resilience through proactive risk management, compliance adherence, and continuous improvement efforts. In this context, the new role of Global CISO (Chief Information Security Officer) is required. The CISO will report to the Global CIO and will have exposure to the Leadership Team, and will:

  1. Predominantly manage internal resources while simultaneously coordinating relationships with key external suppliers.
  2. Ensure the cyber security posture within IT and OT aligns with the group's ambitions.

Position – Specific responsibilities:

  1. Leadership & Governance: Develop and implement a global information security strategy aligned with the company's business objectives. Establish and maintain a global information security framework, i.e., policies, protocols, and procedures, that comply with relevant laws, regulations, and industry standards. Ensure effective communication of, and adherence to, policies, protocols, and procedures across all regions, as well as compliance with the latest laws and regulations related to information security and privacy. Ensure compliance and regulatory adherence by meeting industry-specific regulations and cybersecurity standards (such as ISO/IEC 27001, NIST CSF, NIST SP 800-53, NIST SP 800-171, CMMC) to safeguard sensitive data and ensure business continuity. Provide regular reporting on the current status of the Cyber Security program to senior business leaders and the board of directors. Monitor and report IT-Security Key Performance Indicators (KPIs) to track effectiveness and identify areas for improvement.
  2. Team & Budget Management: Manage the company's Cyber Security team across 7 countries, providing them with strategic direction and leadership. Manage the budget for the information security function, monitoring and reporting discrepancies.
  3. Risk Management, Security Architecture & Security Operations: Identify, assess, and mitigate cybersecurity risks associated with company operations, data assets, and technologies, including intellectual property protection and regulatory compliance. Conduct regular security audits and handle any breaches or security incidents that arise. Lead incident response efforts, both internal and external, during security breaches and develop, test, and improve response plans for timely and effective threat management. Manage IT-Security awareness training to ensure staff understanding of and adherence to security protocols. Manage the security architecture of the Group. Continuously monitor emerging cybersecurity threats, technologies, and best practices to adapt and enhance the company's cybersecurity posture and resilience against evolving risks.
  4. Business Alignment: Contribute to the overall technological strategy of the company.

Requirements:

  1. Education and Certificates: Degree in Computer Science with at least one IT-Security Certificate (e.g., CISSP, CISM, CISA, ISO 27001 LA/LI). Academic studies with a special focus on IT-Security, a Master's degree in cybersecurity, or an additional IT-Security Certificate would be a plus.
  2. Knowledge and experience: Proven experience of 10+ years in Information Security in the Industrial/Manufacturing industry with a global footprint. Strong preference for candidates with experience in the Aerospace, Defense, and Medical market sectors and the Electronics / Semiconductor industries. Experienced in matrix organizations, leading local IT Security Officers. Experience in sourcing and managing vendor relationships, staff and service providers across multiple countries, with expertise in information risk analysis, vulnerability assessment, incident response, and root cause resolution.
  3. Specific Technical skills: Excellent knowledge of NIST CSF (1.1 and 2.0), ISO 2700x, ISO 22301 and NIS 2. Other IT-Security standards such as NIST SP 800-53, NIST SP 800-171, ISA/IEC 62443 and cyber-related certifications such as CMMC 2.0, Cyber Essentials Plus, Air Cyber would be a plus. Understanding of relevant regulations such as GDPR, DPA, PIPL, PIPA.
  4. Cybersecurity Platforms & Tools: Experience with Training and Awareness platforms, Cyber Security Testing, Threat Detection and Response, Security Information and Event Management (SIEM) platforms. Expertise in Vulnerability management tools, forensic analysis tools and methods, GRC Tools.
  5. Identity, Access & Network Security: Proficiency in Identity and Access Management (IAM), Secure Access Service Edge (SASE), and Security Service Edge (SSE) platforms.
  6. Leadership: Result-oriented leadership and strong drive, complemented by the emotional intelligence to be perceived as a go-to person. Resilience and energy in acting as a game-changer while identifying with company values and showing a strong sense of belonging. Able to lead and motivate both own and cross-functional teams and interdisciplinary project teams, while managing resistance assertively.
  7. Communication: Effective and mature communicator able to build 360-degree consensus; a listener and a creative problem solver, with superior analytical capabilities to identify and mitigate security risks, acting with business judgment and a sense of urgency to prevent, address, mitigate and resolve critical issues.
  8. Execution style: A thinker and a doer, with a mix of: 1) Ability to switch from security governance to daily security challenges, with consistent progression on awareness, controls and security programs, in order to operationalize all necessary actions according to diagnostic calibration; 2) Strong curiosity, sharp intellect and passion for advancing technical frontiers.
  9. Languages: Full proficiency in spoken and written Italian and English is a must. Proficiency in spoken and written French or German will be considered a plus.

Location: Centre of Italy