Ferrero visual

Cyber Risk Governance Specialist

Job Location: Luxembourg

Job Location: Luxembourg

Company description

Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them. 

Diversity Statement

Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.

About the Role:

For our Ferrero HQs in Luxembourg, we are looking for a Cyber Risk Governance Specialist (Metric, Reporting, generic GRC) who will report managerially to the Cyber Risk Governance manager.

The incumbent will support:

  • Cybersecurity and IT Security through the design and maintenance of KPI\KRI, metrics and reports to ensure Cybersecurity Information Security Management System's overall direction;
  • The improvement of corporate Cybersecurity Policy, Procedures and Processes Framework, Cyber risk assessment and Cybersecurity compliance activities, cooperating with the Cyber Risk Governance.

Main Responsibilities:

  • Design and develop performance reports regarding Cybersecurity process, for different management audiences and disseminate them among proper stakeholders;
  • Improve the Cybersecurity Reporting Framework defined by the Group while keeping this up to date and aligned with cybersecurity processes, programs, activities and main events on a weekly basis;
  • Support the understanding and collection of Key Performance Indicators;
  • Gather data and metrics to enable the already defined metrics and KPIs displayed in the Power BI dashboard;
  • Correlate gathered information to determine whether the Cybersecurity program is performing as expected;
  • Define a new set of relevant metrics to be shared with IT department both at Group and Regional level;
  • Continuously improve the measurement capabilities and adjust thresholds to fit the current model to the Group's environment;
  • Provide support:
    • in the definition and maintenance of policies and procedures, based on Ferrero’s environment and industry leading practices;
    • in the appropriate stakeholders in order to retrieve, map and classify the information handled by applications;
    • for Cybersecurity risk assessments and the integration of the Cybersecurity compliance aspects into other Group processes;
    • in the evaluation of third-party providers in order to integrate the periodical Cyber Risk evaluation.

Who we are looking for:


  • Master Degree in Information Technology, Economics, Engineering, Mathematics, Business Management or other related fields;
  • 3-5 years of experience in a similar position or in Cybersecurity consultancy;
  • Experiences in Manufacturing and/or Food & Beverage industry would be preferred;
  • Outstanding analytical and conceptual skills;
  • Knowledge of frameworks aimed to govern the Cybersecurity maturity of business environments;
  • Definition and collection of security and IT Key Performance Indicators and metrics;
  • Design reporting documents regarding Cybersecurity process for management;
  • Knowledge of the typical activities related to the interaction between an asset catalog and the application classification during a Risk Assessment;
  • Cybersecurity international standards, law and regulations (e.g. ENISA, NIST, ISO27000);
  • Basic knowledge of security technologies such as SIEM and EDR and reporting tools such as Power BI will be considered a plus;
  • Experience in the definition and collection of metrics, security KPI and reporting, definition and maintenance of Cybersecurity and IT Policies and procedures;
  • Experience applying methodologies and processes to analyze Cybersecurity risks (e.g. impacts and likelihood evaluation) and monitoring Cybersecurity Key Risk Indicators.


IT Skills & Other:

  • Proficiency in MS Office skills Advanced in Excel;
  • Security technologies such as SIEM and EDR are considered a plus;
  • Reporting tools such as Power BI will be consirered a plus;
  • Professional Certifications considered a plus: 
    • ISO/IEC 27001:2013 lead implementer
    • CISM: Certified Information Security Manager
    • CISA: Certified Information Systems Auditor
    • Other equivalent certification.

Language Skills:

  • Fluency in spoken and written English;
  • Knowledge of any other European language will be considered a plus.

We offer:

  • An international and challenging working environment;
  • An attractive salary package. 

How to be successful in the role and at Ferrero:

Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world. 

Requisition ID
Ferrero logo