Amplifon

Global Cybersecurity Specialist

Amplifon  •  €35k - €48k/yr  •  Italian Republic (Hybrid)  •  1 day ago

Job Description

Who we are

Amplifon is an Italian multinational company and the global leader in hearing care solutions and services, built on retail expertise, customization and consumer care. More than 20,000 professionals every day, in a network of 10,000 points of sale across 25 countries, give back the joy of hearing, feeling and living to thousands of people across the world.

At Amplifon we believe people are the most important component of our success. Thanks to our best-in-class Hearing Care Professionals and front- and back-office teams, we are able to put the everyday taps, pops and splashes back into the lives of our customers. We believe that it is only through strong investment in talent engagement, continuous professional development, support and recognition that our people can exceed every limit and build a fulfilling career.

At Amplifon we are evolving our technological infrastructure and elevating our security posture, integrating cutting-edge innovations into our operational cybersecurity framework. As we prioritize innovative services for delivering hearing healthcare, robust cybersecurity is critical to ensure the security and integrity of these systems. In parallel, we are modernizing our internal asset management processes, leveraging digital tools for comprehensive, end-to-end life-cycle management.

We are looking for a talented Global Cybersecurity Specialist to join our Global IT — Cyber Security team. Reporting to the Global Cyber Security Associate Director, you will work hands-on across penetration testing, infrastructure and application security assessment, vulnerability management and security-platform operations. You will also take an active part in security monitoring and incident response, and contribute to our information security governance program (ISO/IEC 27001, NIS2).

This is a high-impact, cross-country role in a fast-moving environment, where your work directly protects customer data and business-critical services and helps shape our asset management strategy.

Key Responsibilities

Offensive Security & Assessments

  • Penetration testing & assessment — plan and perform penetration tests and security assessments on web and mobile applications, internal systems and internet-facing infrastructure, identifying vulnerabilities, misconfigurations and exposure (e.g. unmanaged accounts, weak authentication, unnecessary services, exposed personal data).

  • Remediation ownership — produce clear, risk-based reports and drive remediation with system, application and infrastructure owners through to closure, then re-test to confirm fixes are effective.

  • Controlled validation — support authorized, red-team-style validation activities (e.g. credential/dump validation, lateral-movement checks) to confirm real-world exploitability.

Vulnerability Management

  • Lifecycle management — run and continuously mature the vulnerability management lifecycle: discovery, triage, prioritization, remediation tracking and verification.

  • Strategy — collaborate in the development and execution of robust vulnerability management strategies across the global estate.

Security Platforms & Infrastructure

  • Platform operations — operate, configure and tune security consoles and platforms across endpoint, network and identity — for example EDR (e.g. SentinelOne), endpoint and patch management (e.g. Ivanti) and network security / firewalls (e.g. Cisco ASA) — ensuring compliance with company policies and industry best practice.

  • Access & credential hygiene — strengthen access and credential hygiene on shared and critical systems (account reviews, deprovisioning of stale users, credential rotation, reduction of data exposure).

Security Monitoring & Incident Response

  • Detection & response — contribute to security monitoring and to the detection, analysis, containment and recovery phases of security incidents, working alongside the SOC and specialized external partners (e.g. threat-intelligence and incident-response providers).

  • Post-incident hardening — support lessons-learned and hardening activities to reduce the likelihood and impact of recurrence.

Governance, Risk & Compliance

  • ISMS & regulation — contribute to the Information Security Management System (ISO/IEC 27001), information security risk assessments and regulatory alignment (e.g. NIS2), keeping security practices consistent with company policies.

Asset Management, KPIs & Suppliers

  • Asset lifecycle & KPIs — support asset life-cycle management and endpoint standardization initiatives using digital tools, and identify and track KPIs relevant to a secure, well-governed asset and vulnerability portfolio.

  • Supplier management — oversee the engagement and management of external suppliers and partners (penetration testing, vulnerability and security services), managing scope, quality and delivery against organizational expectations.

Requirements

Must have

  • Bachelor's degree in a STEM field with a focus on cybersecurity or a related discipline — or equivalent hands-on experience.

  • Solid understanding of penetration testing tools and methodologies (network and web/mobile application testing; familiarity with frameworks such as OWASP).

  • Working knowledge of vulnerability management, security assessment techniques and common attack techniques (e.g. authentication weaknesses, credential attacks such as pass-the-hash, lateral movement).

  • Experience with security platforms across endpoint, network and identity (e.g. EDR, endpoint/patch management, firewalls).

  • Awareness of information security frameworks and regulations (e.g. ISO/IEC 27001, NIS2, GDPR / personal-data protection).

  • Proactive mindset, dedicated to continuous improvement and adept at navigating transformational initiatives.

  • Strong problem-solving skills with a meticulous, process-oriented approach.

  • Ability to thrive in a dynamic, fast-paced, multi-country environment while managing multiple priorities concurrently.

  • Exceptional communication skills and a collaborative, team-oriented attitude.

  • Fluency in English is mandatory.

Nice to have

  • Industry certifications such as OSCP, CEH, GIAC, CompTIA Security+ or equivalent.

  • Scripting and automation skills (e.g. Python, PowerShell, Bash).

  • Exposure to cloud security (Azure / AWS / GCP) and Active Directory security.

  • Prior experience in complex IT projects or within high-growth, multi-country contexts.

  • Working proficiency in Italian is a plus for our Milan-based Global IT team.

Location: HQ Milan, Italy (Hybrid, allowing employees to work 6 days per month remotely)

Compensation & Benefits

Applicable Collective Agreement: CCNL Commercio (Terziario, Distribuzione e Servizi)

Contractual Level: Employee (1-2) level

Contract Type: Permanent – Full Time

The reference Gross Annual Salary is approximately in the range of €34.500 - €48.000. The actual compensation will be commensurate with the candidate’s experience, specific skills and knowledge, and educational background.

The position is also eligible for an annual Company bonus (‘premio di risultato’) linked to business performance, in line with Company policies.

Benefits

  • €750 Annual Welfare plan for your personal well-being across a wide range of services
  • Health Insurance: Fondo Est healthcare coverage + an additional Accident Insurance
  • Supplementary pension scheme: option to enrol in the Fondo Fon.Te with employer contributions
  • Office Perks: On-site canteen and free company parking
  • BeWellProgram: Free access to learning platforms and training programs. We invest in your growth through ongoing learning opportunities, while also offering special corporate discounts, dedicated services for you and your loved ones, and initiatives focused on your wellbeing and physical health

Equal Opportunities Statement

Amplifon is an equal opportunity employer committed to providing a diverse and equitable workforce environment. We believe that through valuing our uniqueness and respecting our differences, we can achieve more, and that diversity adds to our culture. We encourage applications from all genders, corners of the world and individual backgrounds.

About Amplifon

As the global leader in the hearing care retail industry, we have been changing the lives of millions of customers across the globe since 1950. With stores and offices spanning across 26 countries and a team of 20,300 dedicated professionals, we take pride in setting the industry standard as we empower people to rediscover all the emotions of sound.

Amplifon operates in: Argentina, Australia, Belgium, Canada, Chile, China, Colombia, Ecuador, Egypt, France, Germany, Hungary, India, Israel, Italy, Mexico, New Zealand, Panama, Poland, Portugal, Spain, Switzerland, the Netherlands, UK, United States, and Uruguay.

Read our Netiquette and help us create an inclusive environment to interact within: https://corporate.amplifon.com/en/netiquette?formSearchPage=true

Industry
Beauty & Wellness
Company Size
10,000+ employees
Headquarters
Milan, IT
Year Founded
1950