Chief Information Security Officer (CISO)

For its headquarters in Bologna, Italy, the Central Organisation is seeking a Chief Information Security Officer (CISO) to design, lead, and implement a comprehensive cybersecurity strategy for the observatory's distributed, high-performance scientific and operational environments. This senior leadership position reports directly to the CTAO Director General, with the mission to protect CTAO's global computing infrastructure, research data, and reputation from cyber threats while ensuring compliance with European cybersecurity regulations, including NIS2, GDPR, and the Cyber Resilience Act. The CISO will cooperate with the CTAO Computing Coordinator, as well as the Computing and IT teams, to develop and implement the security strategy for the protection of the CTAO.

Key Responsibilities

• Develop and execute the CTAO's cybersecurity and IT risk management strategy, ensuring alignment with scientific and organisational objectives.
• Establish and maintain an Information Security Management System (ISMS) compliant with ISO/IEC 27001 and NIST standards.
• Oversee implementation of technical controls and incident response systems, including endpoint protection, intrusion detection, and network security.
• Lead and coordinate the creation of the CTAO Computer Emergency Response Team (CERT), managing incident handling and forensic capabilities across all sites.
• Define and maintain cybersecurity policies, procedures, and risk frameworks, ensuring adherence to European and national cybersecurity laws.
• Collaborate with IT, technical, administrative, and scientific teams across international sites to ensure secure computing operations, data exchange, and infrastructure integrity.
• Advise CTAO leadership on risk management, compliance, and security governance.
• Promote a culture of cybersecurity awareness and provide training to staff and collaborators.

Qualifications and Experience

• University degree in Computer Science, Cybersecurity, Information Technology, or a related discipline.
• Minimum five years of progressively responsible experience in information and cyber security, including leadership roles in complex or research environments.
• In-depth understanding of network and host-based attacks, risk management, and defence architectures.
• Proven knowledge of EU cybersecurity frameworks (NIS2, GDPR, ISO 27001, NIST).
• Experience with incident response, malware triage, log analysis, and forensic methods.
• Excellent command of English (spoken and written).

Desirable Qualifications

• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor.
• Experience in international or multi-site scientific collaborations.
• Familiarity with cloud and high-performance computing environments.
• Working knowledge of additional European languages.

Workplace

Bologna, Italy. Travel will be required.

Contract

Open-term, full-time.

Deadline for Applications

This job posting welcomes candidates who comply with Italian law 68/99 for accessibility. Applications are accepted without distinction on any grounds of gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, gender identity, property, birth, disability, age or sexual orientation.