IT Security & Compliance Manager
Job description
Mission
Ensure the protection, integrity and compliance of the company’s IT systems and information assets by implementing corporate security standards, managing local risk and compliance requirements, and leading security governance and incident response processes.
Role Description
The IT Security & Compliance Manager is responsible for overseeing local IT security governance and ensuring alignment with corporate security standards and regulatory requirements. Acting as the main point of contact for IT risk and compliance matters, the role coordinates with Corporate IT, Legal, and Business stakeholders to assess risks, implement controls, manage incidents, and ensure ongoing compliance with applicable laws and internal policies.
The position will have a direct hierarchical reporting line to the Security Risk & Compliance Country Manager.
The position is based in Milan.
Responsibilities
- Act as the primary liaison with Corporate Global IT Risk & Compliance (GIRCO), ensuring alignment with global IT security standards and providing local feedback.
- Conduct local IT risk assessments in coordination with business stakeholders and define mitigation plans.
- Adapt and implement corporate IT security standards (deriving from SOX controls) and define local technical and organizational security measures.
- Ensure compliance with applicable local regulations (e.g., data protection and privacy laws) in collaboration with the Legal department.
- Monitor, review, and evaluate IT security procedures and controls; report compliance status and identify areas of improvement.
- Define and follow up on action plans to strengthen IT security controls and reduce risk exposure.
- Oversee security incident monitoring and act as first-level responder, coordinating escalation and resolution with Corporate IT.
- Lead IT security awareness and training initiatives across the organization.
- Support and advise local IT and business teams on security and compliance matters.
- Ensure IT projects and technical solutions comply with security standards, audit requirements, and architectural guidelines.
- Manage external vendors and ensure adherence to contractual KPIs and SLAs related to security and compliance.
- Oversee internal and external audit activities on IT processes.
Work Experience
- Minimum 5–7 years of experience in IT Security, IT Risk, or Compliance roles.
- Extensive knowledge of information security principles, cybersecurity frameworks (e.g., NIST, ISO 27001), and risk management practices.
- Working knowledge of security auditing, vulnerability assessments, and risk mitigation.
- Experience with main security technologies such as firewalls, intrusion detection systems, SIEMs, encryption protocols, cloud security principles (mainly MS Azure).
- Solid knowledge of data privacy regulations (GDPR) and compliance requirements.
- Strong plus:
  - Experience with the PCI-DSS security standard.
  - Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar.
  - Understanding of artificial intelligence and machine learning applications in security.
Soft Skills
- Strong leadership and communication skills.
- Ability to influence stakeholders at different organizational levels.
- Strong analytical skills and ability to manage stakeholders across different functions.
Education
- Degree in Information Technology, Computer Science, Cybersecurity or a related field.
- Strong knowledge of IT security frameworks and risk management methodologies.
- Good understanding of data protection and privacy regulations (e.g., GDPR and other applicable local laws).
Travel availability: Low
Language Requirement: English: Advanced
This announcement has been published by The Adecco Group, via Tolmezzo 15, 20132 Milan, Italy.
Posting date: