Lead Architect - Cybersecurity

Are you passionate about cybersecurity and have at least 8 years of experience in security management? We would like to give you the chance to boost your career and learn more about application & cloud security, governance, risk management, and compliance in a dynamic international environment.

What are your responsibilities as Lead Architect Cybersecurity?

You will lead the ideation and implementation of our organization's security and compliance posture, overseeing staff, tools, and processes to ensure a robust cybersecurity framework. Your role will involve the execution of strategic initiatives aimed at enhancing the overall security resilience of our SSDLC and CCH Tagetik SaaS offering.

You will also serve as a bridge between local CCH Tagetik security initiatives and Wolters Kluwer corporate security departments, ensuring alignment with global security strategies while maintaining agility to address business-specific needs.

Our security department is based in Lucca where all the teams are working closely together in developing and maintaining secure products for our major industries such as banking, insurance, automotive and food and beverage. We leverage teamwork, self-organization and proactivity as the best security solutions come from collective intelligence and collaborative decision-making.

What You'll Do:

• Maintain ISO27001 / ISO22301 Certifications and SOC1/SOC2 Framework compliance through management of certification processes.
• Coordinate disaster recovery planning and testing with relevant stakeholders.
• Manage security exceptions, including risk acceptance, compensating controls, and expiration tracking.
• Support client security and compliance requests, including questionnaires, meetings, and technical documentation.
• Oversee Security Information and Event Management (SIEM) tools, ensuring real-time monitoring and proactive threat detection.
• Lead the Vulnerability Management process, including classification, prioritization, remediation planning, and verification of fixes.
• Conduct comprehensive risk assessments and develop risk treatment plans for security and compliance risks.
• Orchestrate effective response strategies for security incidents, minimizing impact and ensuring swift resolution.
• Manage the entire penetration testing lifecycle, including vendor selection, scope definition, engagement coordination, findings review, and remediation tracking.
• Support Cyber Security Operations on complex cloud infrastructures (AWS, Azure).
• Act as the primary point of contact during third-party security audits, coordinating responses and providing evidence for compliance requirements.
• Coordinate the implementation of security action items from audits and management reviews into development and product backlogs.
• Lead and mentor a security team, providing guidance and fostering professional development.
• Collaborate with Product Management to address security requirements and their implications on architecture.
• Develop and maintain security policies, procedures, and standards to ensure consistent security practices across the organization.
• Report security metrics and KPIs to executive leadership, providing insights on the organization's security posture.

You have:

• Bachelor's degree in Computer Science, Cybersecurity, or related field (work experience may substitute for education requirements).
• Strong knowledge of ISO 27001:2022, SSAE 18, ISO 22301, NIST Cybersecurity Framework.
• Experience in security and vulnerability assessment, gap analysis, risk assessment and management.
• Solid understanding of cloud security principles and practices across major platforms (AWS, Azure, GCP).
• Experience leading security teams and managing security operations.
• Strong knowledge of SIEM tools and security monitoring practices.
• Experience with penetration testing and vulnerability management processes.
• Familiarity with DevSecOps practices and secure software development lifecycle.
• Excellent communication and presentation skills.
• Experience in incident response and management.
• Fluency in Italian and proficiency in English.

Nice to have:

• ISC2 or other security certifications.
• Experience with Agile methodologies (Scrum, Kanban).
• Experience with Infrastructure as Code and automation tools.
• Knowledge of compliance requirements for financial services industry.
• Experience with cloud-native security tools and practices.

What do we offer you at CCH Tagetik part of Wolters Kluwer?

• Flexible working hours and flexible working policy (3 days a week from home, 2 days a week in the office).
• Modern office in an old coffee factory where you can work together in teams and connect with your colleagues. Just outside the walls of Lucca and close to the train station.
• English classes and full access to E-learning platforms such as Pluralsight, LinkedIn Learning and Udemy.
• Possibility of certification paths such as cloud providers certifications, security certifications, and more.
• Development plans to help you steer your career path. Annual performance and salary reviews.
• Community and teambuilding events like the global code games, networking events and Wolters Kluwer value days.

#LI-Hybrid

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.