Cybersecurity Specialist

Cyber Security Specialist

We are looking for a Cyber Security Specialist to join our Tech & Digital Operations & Cybersecurity team. Reporting to the Cybersecurity Manager the specialist will contribute to the enhancement, and maintenance of cybersecurity tools, processes, and governance, with a strong focus on regulatory compliance (e.g. NIS2 and equivalent frameworks) and Group security standards.

The position plays a key role in developing and operating cybersecurity compliance and governance activities, including the definition, monitoring, and reporting of adherence to applicable regulations, internal policies, and security frameworks.

In addition, the role works closely with internal Tech & Digital teams and external suppliers on a daily basis to support incident and risk management, security operations, and the definition of cybersecurity requirements within business projects, tenders, and contractual discussions.

📊 Your day-to-day activities

Compliance, Policy & Framework:

• Design, operate, and continuously improve processes and controls to ensure compliance with evolving cybersecurity regulations (including NIS2 and other applicable national or international regulations).
• Contribute to the maintenance, review, and optimization of the Group IT Security Policy Framework, ensuring alignment with regulatory expectations, best practices, and business needs.
• Support and coordinate internal and external audit activities, including evidence collection, gap analysis, remediation tracking, and follow-up actions.
• Collaborate with IT, and Business stakeholders to define cybersecurity requirements for IT and business projects

Security Operations & Risk Management:

• Support outsourced security operations activities and improvement projects in collaboration with internal IT teams:
• SOC monitoring, incident management, and investigation
• Security tooling, integrations, and control health monitoring
• Security awareness Training and phishing simulation campaigns
• Vulnerability and identity management process
• Cyber Threat Intelligence (CTI) and threat analysis

💡 Who we’re looking for

• Knowledge In the application of compliance (NIS2, GDPR) and regulatory aspects of cybersecurity and Common Security Frameworks (NIST).
• Strong understanding of Risk assessment methodologies, Control frameworks and control testing, Compliance monitoring and reporting
• Hands-on experience supporting or managing internal and external audits (IT / security / compliance audits)
• Fluent English

✨ In return we offer:

• Comprehensive welfare package including short working week during summer months
• Hybrid working policy (10 days a month remote working)
• Company restaurant service
• Access to our corporate gym
• A fast paced and dynamic international context

💬 What next? 

• Our Talent Acquisition Team will assess your application and if you have what we’re looking for, you'll be contacted for an initial interview
• If you make it to the short list, you’ll be interviewed by the Hiring Manager and if necessary, other members of the hiring panel
• In some cases, you may be required to show us your skills via technical challenge.

☕ Who we are:

Our Group was founded in Turin in 1895, has been owned by the Lavazza family for four generations. As one of the world’s most important coffee roasters, we operate in more than 140 countries through our brands, subsidiaries and distributors, with a total of over 5,500 employees.

Every day we operate in all sectors of the coffee industry, offering our products through every channel and positioning our brands as a high-quality blend.

We are a community of single origins united into a perfect blend, humans enriching one another through our mutual diversity.

Awakening a better world every morning: the commitment we make every single day.

#LI-RH1 

#torino