Global Cybersecurity & Compliance Sr. Specialist

What We Are Looking For

The Cyber security & Compliance Sr. Specialist supports the implementation, monitoring, and enforcement of cybersecurity measures and regulatory compliance across the organization. The role helps ensure that IT systems and processes align with internal security policies, data protection laws, and industry standards, including the NIS2 Directive (Network and Information Security). Key responsibilities include conducting risk assessments, supporting audits, managing security controls, incident response coordination, and promoting awareness to foster a culture of security and compliance throughout the organization.

Key Activities Include:

Cybersecurity & Risk Management 

• Supporting the implementation and monitoring of cybersecurity controls to protect organizational systems and data. 
• Assisting in the execution of risk assessments and security reviews to identify vulnerabilities and ensure mitigation actions. 
• Contributing to the development and maintenance of the organization’s cybersecurity posture in alignment with NIS2 requirements. 
• Supporting incident detection, response, and reporting activities in accordance with regulatory timelines (e.g., NIS2 24hour incident notification). 
• Monitoring threat intelligence feeds and assisting in the assessment of emerging cyber threats.

Compliance & Regulatory Management 

• Ensuring compliance with internal security policies, regulatory requirements (e.g., GDPR, NIS2 Directive, eIDAS), and industry standards (e.g., ISO 27001, NIST CSF, CIS Controls). 
• Supporting the implementation of NIS2 security measures, including supply chain security, vulnerability management, and business continuity planning. 
• Contributing to internal and external audits by providing evidence, documentation, and followup on remediation activities. 
• Managing the lifecycle of IT compliance documentation and maintaining uptodate records of controls, procedures, and compliance evidence. 
• Monitoring regulatory developments and assisting in the interpretation and application of new compliance obligations.

Collaboration & Governance 

• Collaborating with IT, business stakeholders, and thirdparty vendors to ensure security and compliance requirements are embedded in processes, projects, and procurement activities. 
• Supporting vendor risk assessments and thirdparty security evaluations in line with NIS2 supply chain requirements. 
• Participating in governance committees and security steering groups to provide compliance insights and recommendations.

Awareness & Training 

• Supporting security awareness initiatives and training programs to promote a culture of compliance and accountability. 
• Developing and delivering targeted training on regulatory requirements (e.g., NIS2, GDPR) and security best practices.

What You’ll Need:

Required Qualifications & Experience 

• 2-5 years of experience in cybersecurity, IT compliance, IT risk management, or IT audit roles. 
• Knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Controls) and relevant regulations (e.g., GDPR, NIS2 Directive). 
• Familiarity with risk assessment methodologies, audit processes, and incident response procedures. 
• Ability to interpret and apply compliance requirements to realworld systems and business processes. 
• Strong organizational and documentation skills, with exceptional attention to detail.

Technical & Soft Skills 

• Understanding of network security, vulnerability management, and security monitoring tools. 
• Knowledge of supply chain security and thirdparty risk management practices. 
• Good communication and interpersonal skills to work effectively with crossfunctional teams and external auditors. 
• Analytical mindset and proactive approach to identifying and resolving compliance issues. 
• Ability to work independently and manage multiple priorities in a dynamic environment.

Preferred Qualifications 

• Relevant certifications such as:  ISO 27001 Lead Implementer or Lead Auditor  Certified, Information Systems Auditor (CISA),  Certified Information Security Manager (CISM),  GIAC Security Essentials (GSEC) or equivalent  NIS2 or cyber resiliencerelated certifications (preferred). 
• Experience with compliance management platforms and GRC (Governance, Risk & Compliance) tools. 
• Knowledge of healthcare industry regulations and data protection requirements.
• Familiarity with incident response and crisis management processes.

Language Skills 

• Fluency in English (written and spoken) is required. 
• Knowledge of additional European languages is an advantage.

Amplifon is working on boosting a Winning Culture that will lead our employees towards the future, starting from the improvement of our Winning Workplace. Aligned to this goal, we offer a hybrid working policy, allowing employees to work 6 days/month remotely.