Cyber Risk Governance Specialist

Job Location: Luxembourg

Company description

Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them. 

Diversity Statement

Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.

About the Role:

For our Ferrero HQs in Luxembourg, we are looking for a Cyber Risk Governance Specialist (Metric, Reporting, generic GRC) who will report managerially to Cyber Risk Governance. 

The Cyber Risk Governance Specialist:

  • supports the design and maintenance of KPI\KRI, metrics and reports of Cybersecurity and IT security posture, for different stakeholders inside the company, to ensure an overall direction for the Cybersecurity Information Security Management System. 
  • maintains and continuously helps evolve the corporate Cybersecurity Policy, Procedures and Processes Framework while cooperating with the Cyber Risk Governance.
  • supports the execution of the Cyber risk management methodology, completing the more operational tasks and monitoring the overall Group Cyber Risk profile. 
  • assists with the implementation of specific initiatives to support Cybersecurity compliance efforts in relation to an evolving global, legal and regulatory landscape.
  • supports Cybersecurity and IT's security posture through the design and maintenance of KPI\KRI, metrics and reports to ensure Cybersecurity Information Security Management System's overall direction.

Main Responsibilities:

Main Tasks:

  • Support the understanding and collection of Key Performance Indicators (KPI):
    •     Gather data and metrics to enable the already defined metrics and KPIs and their display in the Power BI dashboard,
    •     Correlate gathered information to determine whether the Cybersecurity program is performing as expected,
    •     Define a new set of relevant metrics to be shared with IT department both at Group and Regional level, and
    •     Continuously improve the measurement capabilities and adjust thresholds to fit the current model to Ferrero environment.
  • Support the design of performance reports regarding Cybersecurity process, for different management audiences and disseminate them among proper stakeholders.
  • Support the definition and maintenance of policies and procedures, based on Ferrero’s environment and industry leading practices.
  • Support the appropriate stakeholders in order to retrieve, map and classify the information handled by applications. 
  • Support the evaluation of third-party providers in order to integrate the periodical Cyber Risk evaluation.
  • Support the integration of Cybersecurity risk and compliance aspects into other Group processes through the following activities:
    •     Performing Cybersecurity risks assessments (e.g. impacts and likelihood) to confirm or update risk levels.
    •     Assisting in the monitoring of intelligent tracking, prioritizing and responding to findings (remediation plans) to ensure effectiveness in reducing Cyber risks to an acceptable level.
    •     Supporting the institution of a program of IT asset risk management.

Who we are looking for:


  • Master's degree in Information Technology or other related fields;
  • 3+ years of experience in a similar position or in Cybersecurity consultancy;
  • Knowledge of frameworks aiming to govern the Cybersecurity maturity of business environments;
  • Definition and collection of security and IT Key Performance Indicators and metrics;
  • Design reporting documents regarding Cybersecurity process for management;
  • Knowledge of:
    •     typical activities related to the interaction between an asset catalog and the application classification during a Risk Assessment;
    •     Cybersecurity international standards, law and regulations (e.g. ENISA, NIST, ISO27000);
    •     Power BI Tool;
  • Basic knowledge of security technologies such as SIEM and EDR is considered a plus.
  • The incumbent should have:
    •     Experience in the definition and collection of metrics, security KPI and reporting, definition and maintenance of Cybersecurity Policies and procedures, IT and Cybersecurity Processes;
    •     Outstanding analytical and conceptual skills;
    •     Experience in applying methodologies and processes to analyze Cybersecurity risks (e.g. impacts and likelihood evaluation) and monitoring Cybersecurity Key Risk Indicators;
    •     Experience in a Manufacturing and/or Food & Beverage environment will be considered a plus.
  • Availability to travel for business purposes and in case of need for short-term assignments (estimated time up to 5%).
  • Willingness and ability to work within a team;
  • Ability to adapt to different and difficult scenarios;
  • Enthusiasm and commitment to excellence with a result-oriented approach;
  • Ethical and strong personal values.

IT Skills & Other:

  • Proficiency in MS Office, with advanced skills in Excel;
  • Professional Certifications are considered a plus;
  • ISO/IEC 27001:2013 Auditor/Lead Auditor;
  • GCCC: GIAC Critical Controls Certification;
  • CISM: Certified Information Security Manager;
  • CISA: Certified Information Systems Auditor;
  • Other equivalent certification.

Language Skills:

  • Fluency in spoken and written English;
  • Knowledge of any other European language will be considered a plus.

We offer:

  • An international and challenging working environment;
  • An attractive salary package. 

How to be successful in the role and at Ferrero:

Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world. 
