Job Description

Amplifon is an Italian multinational company and the global leader in hearing care solutions and services for retail expertise, customization and consumer care. More than 20,000 professionals every day, in a network of 10,000 points of sale, give back the joy of hearing, feeling and living to thousands of people across the world.At Amplifon, we believe people are the most important component of our success. Thanks to our best-in-class Hearing Care Professionals and front and back office teams, we are able to put the everyday taps, pops and splashes back into the lives of our customers. We believe that it’s only through strong investment in talent engagement, continuous professional development, support and recognition that our people can exceed every limit and build a fulfilling career.

What We Are Looking For

The Cyber security & Compliance Sr. Specialist supports the implementation, monitoring, and enforcement of cybersecurity measures and regulatory compliance across the organization. The role helps ensure that IT systems and processes align with internal security policies, data protection laws, and industry standards, including the NIS2 Directive (Network and Information Security). Key responsibilities include conducting risk assessments, supporting audits, managing security controls, incident response coordination, and promoting awareness to foster a culture of security and compliance throughout the organization.

Key Activities Include:

Cybersecurity & Risk Management

• Supporting the implementation and monitoring of cybersecurity controls to protect organizational systems and data.
• Assisting in the execution of risk assessments and security reviews to identify vulnerabilities and ensure mitigation actions.
• Contributing to the development and maintenance of the organization’s cybersecurity posture in alignment with NIS2 requirements.
• Supporting incident detection, response, and reporting activities in accordance with regulatory timelines (e.g., NIS2 24hour incident notification).
• Monitoring threat intelligence feeds and assisting in the assessment of emerging cyber threats.

Compliance & Regulatory Management

• Ensuring compliance with internal security policies, regulatory requirements (e.g., GDPR, NIS2 Directive, eIDAS), and industry standards (e.g., ISO 27001, NIST CSF, CIS Controls).
• Supporting the implementation of NIS2 security measures, including supply chain security, vulnerability management, and business continuity planning.
• Contributing to internal and external audits by providing evidence, documentation, and followup on remediation activities.
• Managing the lifecycle of IT compliance documentation and maintaining uptodate records of controls, procedures, and compliance evidence.
• Monitoring regulatory developments and assisting in the interpretation and application of new compliance obligations.

Collaboration & Governance

• Collaborating with IT, business stakeholders, and thirdparty vendors to ensure security and compliance requirements are embedded in processes, projects, and procurement activities.
• Supporting vendor risk assessments and thirdparty security evaluations in line with NIS2 supply chain requirements.
• Participating in governance committees and security steering groups to provide compliance insights and recommendations.

Awareness & Training

• Supporting security awareness initiatives and training programs to promote a culture of compliance and accountability.
• Developing and delivering targeted training on regulatory requirements (e.g., NIS2, GDPR) and security best practices.

What You’ll Need:

Required Qualifications & Experience

• 2-5 years of experience in cybersecurity, IT compliance, IT risk management, or IT audit roles.
• Knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Controls) and relevant regulations (e.g., GDPR, NIS2 Directive).
• Familiarity with risk assessment methodologies, audit processes, and incident response procedures.
• Ability to interpret and apply compliance requirements to realworld systems and business processes.
• Strong organizational and documentation skills, with exceptional attention to detail.

Technical & Soft Skills

• Understanding of network security, vulnerability management, and security monitoring tools.
• Knowledge of supply chain security and thirdparty risk management practices.
• Good communication and interpersonal skills to work effectively with crossfunctional teams and external auditors.
• Analytical mindset and proactive approach to identifying and resolving compliance issues.
• Ability to work independently and manage multiple priorities in a dynamic environment.

Preferred Qualifications

• Relevant certifications such as: ISO 27001 Lead Implementer or Lead Auditor Certified, Information Systems Auditor (CISA), Certified Information Security Manager (CISM), GIAC Security Essentials (GSEC) or equivalent NIS2 or cyber resiliencerelated certifications (preferred).
• Experience with compliance management platforms and GRC (Governance, Risk & Compliance) tools.
• Knowledge of healthcare industry regulations and data protection requirements.
• Familiarity with incident response and crisis management processes.

Language Skills

• Fluency in English (written and spoken) is required.
• Knowledge of additional European languages is an advantage.

Amplifon is working on boosting a Winning Culture that will lead our employees towards the future, starting from the improvement of our Winning Workplace. Aligned to this goal, we offer a hybrid working policy, allowing employees to work 6 days/month remotely.