Cyber Risk Governance Specialist
Job Location: Luxembourg
Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them.
Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.
About the Role:
For our Ferrero Headquarters in Luxembourg, and our Cybersecurity department we are looking for a Risk Governance Specialist.
Reporting managerially to Cyber Risk Governance as the Cyber Risk Governance Specialist you will be responsible for executing Cyber Risk Assessments and Third-Party Cybersecurity Assessments. You will do by following the Cyber Risk Management methodology and by supporting the monitoring of the overall Group Cyber Risk profile.
Moreover, you will be responsible for supporting the definition and maintenance of the Cybersecurity Governance Framework while ensuring an overall direction for the Information Security Management System.
As the Cyber Risk Governance Specialist you will assist with the implementation of specific initiatives to support Cybersecurity's compliance efforts in relation to an evolving global, legal, and regulatory landscape.
- Support the definition and maintenance policy and procedure based on Ferrero’s environment and industry leading practices;
- Liaise between the integration of Cybersecurity risk and compliance aspects into other Group processes in a proper manner by:
- performing Cybersecurity risks assessments (e.g. impacts and likelihood) to confirm or update risk levels;
- assisting in the monitoring of intelligent tracking, prioritizing and responding to findings (remediation plans) to ensure effectiveness in reducing Cyber risks to an acceptable level;
- providing support the institution of a program of IT asset risk management;
- Assist the appropriate stakeholders in order to retrieve, map and classify the information handled by applications;
- Guide the evaluation of third-party providers of services in order to integrate the periodical Cyber Risk evaluation;
- Support the execution of the activities developed to increase the unders.
Who we are looking for:
- Master's degree in Information Technology, Economics, Business & Administration, Telecommunications, or other related fields;
- 2-4 years of work experience in a similar position or in cybersecurity consultancy;
- Experience in:
- auditing or assessing Cybersecurity controls linked to a Cybersecurity Risk Management methodology;
- auditing or assessing Third-Party Cybersecurity Risks;
- the definition and maintenance of a Cybersecurity Governance Framework leading to its evolution;
- assessing compliance against Cybersecurity Frameworks/Lead Practices & Regulations;
- manufacturing and/or Food & Beverage Environment are considered a plus;
- in Cybersecurity Risk Management process (e.g., ISO27005);
- of Cybersecurity control evaluation;
- in Service Organization Control Reports (SOC);
- in IT Audit Framework;
- of Cybersecurity international standards, law and regulations (e.g. CobiT, ITIL, ENISA, NIST, ISO27001, ISO27031);
- Strong communication and Presentation skills;
- Availability to travel for short-term assignments estimated up to 5% of the time;
- Team and collaboration orientation;
- Performance driven;
- Learning orientation;
- Ethical and strong personal values.
IT and Other skills/knowledge:
- Advanced proficiency in MS Office;
- Professional certifications that will be considered a plus to have:
- ISO/IEC 27001:2013 Auditor/Lead Auditor;
- ISO/IEC 27005: 2018: Risk Manager;
- GCCC: GIAC Critical Controls Certification;
- CISM: Certified Information Security Manager;
- CRISC: Certified in Risk and Information Systems Control;
- CISA: Certified Information Systems Auditor;
- Other equivalent certification.
- Fluent proficiency in written and spoken English is mandatory;
- Any other European language will be considered an asset.
How to be successful in the role and at Ferrero:
Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world.