ICT Information Security Compliance Analyst
Job description
We are a global solutions provider focused on Healthcare ICT and mobile workflow solutions. Headquartered in Switzerland, our business spans across 18 countries, and has been supporting the healthcare industry for close to 160 years by providing them with technology to enable them to support their communities. At Ascom, our culture is built on four core values that guide how we operate every day. We are Customer focused, ensuring that the people who rely on our solutions always come first. We are Innovative, continually seeking new ways to improve how information flows and drives better decisions. We are Dedicated, going the extra mile to deliver secure, high-quality solutions. And we are Connected, fostering collaboration across teams and geographies to strengthen both our work and our impact.
About the Role
The ICT Information Security Compliance Analyst is a position within the ICT group. The main purpose of this position is to ensure that Ascom constantly maintains a high security posture in digital environments to build innovative solutions in healthcare, while protecting these against cyber threats. This position requires understanding and taking steps to mitigate risks and ensure the secure operation of the systems, servers, and network connections.
Responsibilities
- Compliance & Governance
- Monitor adherence to internal security policies, industry standards, and regulatory frameworks (e.g., GDPR, ISO 27001, NIS2, NIST).
- Support internal and external audits, certification processes, and periodic compliance reviews.
- Develop, maintain, and update compliance documentation, audit evidence, and control registers.
- Collaborate with cross-functional teams to ensure proper implementation of security protocols and requirements.
- Ensure security updates are in place across all systems, and perform security checks and troubleshooting activities.
- Establish and maintain documentation standards to ensure traceability, quality, and serviceability of delivered security solutions.
- Participate in the detection, analysis, and response to security incidents.
- Contain, mitigate, and resolve security events efficiently.
- Monitor network environments to identify suspicious activities, anomalies, or early signs of compromise.
- Document incident activities and ensure compliance obligations are met during investigations.
- Communicate system status, planned interventions, downtime, and relevant changes to stakeholders in a clear and timely manner.
- Identify security and compliance risks, recommending corrective measures and mitigation strategies.
- Support risk assessments, vulnerability management, and periodic evaluations of security controls.
- Research emerging threats and the mitigations that can provide protection.
- Proactively collaborate with business units to address security issues and strengthen architectures in hybrid and multi‑cloud environments.
- Analyse network systems and infrastructure to ensure secure configurations and adherence to best practices.
- Support third-party risk assessments and maintain compliance documentation repositories.
- Promote information security awareness across the organization through training and engagement initiatives.
- Ensure recurrent and periodic reviews are in place to test the accuracy and applicability of information security training against emerging threats.
- Reporting
- Prepare structured reports on security posture, compliance status, and incident response findings for management, auditors, and regulatory bodies.
- Provide regular updates on security posture, improvements, and outstanding risk items.
- Ensure documentation standards to preserve the traceability and serviceability of delivered security solutions.
Qualifications
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Computer Engineering, Information Security, or a related field.
- In the absence of a relevant degree, an additional 5 years of proven experience may be considered.
- Professional Experience
- 3-5+ years of experience in Information Security, with a focus on risk management, governance, and compliance.
- Experience in ICT infrastructure, security controls, and enterprise technology environments.
- Exposure to incident response processes, security operations, and associated tools.
- Technical Knowledge
- Strong understanding of Information Security Management Systems (ISMS) and control frameworks such as:
- ISO 27001, NIST Cybersecurity Framework, NIS 2 Directive, GDPR requirements
- Experience reviewing and interpreting security scan results and remediating vulnerabilities.
- Familiarity with enterprise architectures, including:
- Network and system architecture, Enterprise directory services, Integration architecture, Identity and Access Management (IAM)
- Familiarity with:
- Security monitoring practices, Basic forensic techniques, Cloud security controls and hybrid-environment security architectures, SIEM tools
- Regulatory & Risk Knowledge
- Demonstrated understanding of data privacy laws and regulatory requirements.
- Broad awareness of business-impacting security threats, detection methods, and risk assessment methodologies.
- Security Principles & Best Practices
- Solid understanding of security principles, cybersecurity lifecycle, and security software management best practices.
Preferred Skills
- Certifications (Preferred)
- CISM, CISA, CISSP
- CompTIA Security+
- GIAC GCIH (or similar incident response certifications)
Equal Opportunity Statement
Ascom is committed to diversity and inclusivity in the workplace.