Manager, IT Security & Compliance

Job description

For a leading Fashion Company we are looking for:

Manager, IT Security & Compliance

reporting directly to the VP of Information Technology

Scope of the Position: This job is a crucial role to raise the level of security and compliance awareness as well as measures to the next level. This person will assist in the design and the execution of the company security and compliance plan ensuring alignment with the Holding’s standards, practices and principles across all regions.

Job Responsibilities:

• Brand lead for ensuring Holding’s strategic vision for security and compliance is implemented and adhered to
• Assist in the design, architecture and provide security expertise for all the Holding and brand specific solutions and initiatives
• Educates IT and the business about security policies and best practices across all regions
• Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues
• Responsible for the management and enhancement of the 3rd party Security Operation Center
• Work with both internal and external auditors to ensure compliance with all government and industry mandated regulations including, but not limited to, SOX, PCI, GDPR, MLPS and PIPL
• Conducts 3rd party vendor assessments
• Lead and coordinate Vulnerability Management activities, reporting on progress and risks to IT leadership
• Assist but not limited to defining; security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
• Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents and security controls
• Reviews all IT solutions for compliance with standards
• Manages and monitors security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise
• Prepares status reports on security matters to develop security risk analysis scenarios and response procedures
• Responsible for the tracking, monitoring and reporting of security events and incidents to Capri IT Security Leadership
• Participate in the evaluation of products and/or procedures to enhance security effectiveness

Professional experience:

• About 10 years of combined IT and security work experience with a broad range of exposure to network, server infrastructure, systems analysis; at least 5 years of experience with information security
• Preferred experience in retail – luxury or in any industry where intellectual property protection is relevant

 Requirements:

• Education: Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience
• Language skills: English fluent and Italian
• Technical skills:
• Preferred certifications include CISSP, CISM, and/or CISA
• Proven history of ensuring compliance with SOX, GDPR, and PCI
• Requires knowledge of security issues, techniques and implications across all existing computer platforms
• Experienced in security administration, management of security projects and complicated security issues

Personal Skills:

• Good relationships skills, social intelligence and teamwork
• Strong organisation, problem solving and analytical skills
• Good verbal communication and negotiation skills
• A positive, outgoing, high energy personality able to thrive within a high paced environment and being multi- tasking

 Workplace: Novara