On behalf of our esteemed Customer, a multinational Company that is a leader in the Fashion field, we are recruiting the following profile for the Offices in Mendrisio:
INFORMATION TECHNOLOGY DIRECTOR
The Information Technology Director will report directly to the Sr. Director of Information Security and support the Information Security Program in their respective geographical region. The Director must understand and consider business strategies and decisions when developing security plans. The Director should also consider local and regional regulations and security requirements specific to EMEA that differ from other regions. The Director will be the single point of contact and subject matter expert, and will represent Global Information Security for the Company in Europe.
Duties and responsibilities:
- Contribute to the development of the Global Information Security strategy by identifying opportunities to address capability gaps, introduce new capabilities, or extend capabilities to address regional specific needs.
- Align the Information Security Strategy with the Business Strategy, objectives and goals to ensure objectives can be met safely and securely.
- Collaborate with project teams to ensure designs and implementation plans meet all security and compliance requirements.
- Identify and assess risks introduced to the Company ecosystem from projects, technology implementations, process changes and/or third-party vendors. Must be able to define risk rating, likelihood of risk exposure and impact of exploitation.
- Define key regional metrics needed to convey the overall security posture in the region to all stakeholders.
- Act as the primary point of contact and subject matter expert for subsets of General Data Protection Regulation compliance activities.
- Work with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities.
- Collaborate with business and technology teams to ensure remediation plans and strategies to eliminate threats and vulnerabilities detected in the environment are properly managed.
- Support all areas of the risk, security and compliance portfolio, including security awareness, PCI compliance, third party vendor assessments, GDPR, conducting security research, compiling compliance reports, communicating with stakeholders, and collaborating with the IT operations teams.
- Provide consulting services to business asset owners on information security topics as directed and with support from more senior team members.
- Understand the relevant legislation and regulations regarding the use of Information Technology and the protection of data and ensure that business processes comply with all such relevant legislation.
- Collaborate on the creation of Information Security financial forecasts to ensure the regional information security needs are included in the budget.
- Provide periodic updates to the global security leadership team to ensure all regionally based business priorities and initiatives are understood.
- Provide direct staff supervision as the EMEA Information Security team is built out.
The ideal candidate will have the following skills, knowledge and experience:
- 7-10 years working in a security related role in a medium to large organization
- Experience with security compliance reviews, security incident response, delivery of security training/awareness programs, and security access reviews
- GIAC, CISSP, or equivalent
- Extensive knowledge of EU data protection laws and ability to quickly understand how those requirements relate to a company’s business operations
- Knowledge of organizational privacy controls
- Experience defining and managing data privacy programs and/or similar compliance protocols
- Deep knowledge of data processing operations and of establishing data handling and storage protocols, and ability to work with in-house and outside legal counsel to navigate ongoing GDPR compliance
- Knowledge of PCI-DSS, ISO27001, access controls, web application security, data classification and handling, 3rd party security, and cryptographic techniques
- Must be able to review and assess compliance certification documentation, including SSAE18, ISO27001, etc.
- Must have a strong level of application, technology, data and process architecture experience to apply to risk assessment identification and remediation
- Fluency in English is mandatory