SITE SECURITY MANAGER
ROLE: IT/SITE SECURITY MANAGER
The Security Manager is responsible for managing all security aspects, acting as Chief Information Security Officer (CISO) for the Milano personalization center and, as part of the management team, contributing to the business operation demands and prerequisites of our clients.
The SSM will have to manage a team of experts and the site resources to align the business activities against the security requirements.
In terms of physical/logical security, the maintenance of all security equipment, services and production processes for the whole site also falls under his mission. It is also his role to promote and improve logical security, following the IT governance of this area. Within the logical processes, key management is essential for performing all ceremonies between sites and customers in a way that meets the requirements of all international standards.
The security of our business operation is essential to our existence and a pre-requisite of our clients.
- Ensure protection of people, products, information and cardholder data, following customer and certification agency requirements.
- Define, update, implement and ensure compliance of the site security policy (based on General Security Policy), charter and annual objectives in line with ISO27001 standard for all aspects concerning the PSC.
- Participate in the ISO27001 audits as shadower for the Data Center and promote the information security management system in the whole site.
- Participate in the Business Continuity Plan with the plant manager and maintain the Disaster Recovery Plans.
- Ensure the personal data of all employees is handled in accordance with the CNIL laws.
- Define, update and implement the site security documentation system.
- Train and promote the security rules for employees, contractors and visitors.
- Follow the PSC global security action plan and security indicators (inputs: internal/external audits, company policy, management reviews).
- Interface with police and certification agencies for audit follow-up and alarm management.
- Act as Key Officer or Key Admin of the crypto systems either during key ceremonies or key sessions.
- Implement the rules needed to ensure the reconciliation and protection of sensitive assets using audit trails, and ensure their effectiveness in the PSC.
- Definition of the access rights and segregation of duties in the MILANO site.
- Governance of the IT area to ensure the implementation of the logical actions using the necessary tools (ePO console, Nessus scans, FW management, AD structure, DB user management, USB security device control, etc.) to prevent any malicious threat.
- Follow the security requirements on the logistics and transport of sensitive materials (armoured transport and courier companies).
- Guarantee strict compliance as SPOC with Visa, MasterCard, Consorzio Bancomat or any other international security organization.
- Ensure a closer relationship on security topics with the DCSO.
- Participate in the continuous improvement of yield loss, productivity, inventory levels and surplus materials, in order to meet targeted manufacturing cost evolution.
- Control the annual budget to cover all necessary services, projects, providers and preventive maintenance while remaining cost-effective.
People and relations
- Ensure the relationships with other departments, clients, certification entities and external providers.
- Ensure positive relations with local authorities and customer representatives during site visits.
- Ensure strong synergy between Milano PSC/DCT and other company partners.
- Knowledge of banking cards activity, technical background
- Human relations
- Computer skills
Experience / Proven records:
- 5 years' experience in production environments or similar.
- Experience in security roles.
- Strong IT and networking background.
- Knowledge of smart cards and/or banking card industry technical aspects will be a plus.
- Communication and management skills
- Fluent spoken Italian.
- Proficiency in written and spoken English is mandatory.
- Minimum engineering degree with manufacturing experience (Master’s degree valued).
- Mandatory certifications: CISSP
- Appreciated certifications: CISA, CISM, OPST, Security+, CEH (Certified Ethical Hacker).
- International security requirements: PCI CP, PCI DSS regulations