Global IT Cyber Security Incident Response Lead (Sesto San Giovanni, Milan, IT)

Campari Group Careers

Want to be a crowd-stopper rather than a crowd-pleaser? Become a Camparista


At this point, you may not know exactly what it takes to be a Camparista , but you have the makings to be one of us. We’re the independent minded and passionate achievers in the spirits industry, innovating the iconic.


Be Part of Our Signature Mix


Role Context and Mission


The Global IT Cyber Security Incident Response Lead plays a vital role in Campari's cyber security and OT cyber security operations. This role reports to the Global Security Operations Manager and operates in a diverse, multi-vendor environment. The analyst collaborates with different functions and platform teams, as well as Campari’s strategic security vendor, managing the Security Operations Center (SOC). A major part of this role is focused on automation, ensuring incidents are handled quickly and effectively, creating standards, processes and the related KPI’s and reporting dashboards.


Key Responsibilities


– Security Incident Management:

· Collaborate with the SOC for efficient incident responses.

· Contribute to the development, execution, and review of attack simulations involving IT and business stakeholders.

· Participate in post-incident reviews, using feedback to refine response protocols, playbooks, SOPs, and the knowledge base. Aim to improve security metrics such as MTTD, MTTA, and MTTI.

· Drive automation/orchestration in incident resolution.

· Work with the SOC for accurate and timely evidence collection and forensic analysis in the event of data breach security incidents to determine the root cause and its impact.

· Develop and update the playbook/runbook systems and the correlating rules.

– Security Alert Management:

· Manage security alerts with the SOC.

· Oversee SIEM rules specific to Campari.

– Security Infrastructure Management & Collaboration:

· Assist in maintaining security tools.

· Handle systems like XDR and EDR in collaboration with the SOC provider.

· Participate in assessments and simulations to identify threats.

– Threat Hunting and Intelligence:

· Cooperate with the SOC to conduct threat hunting and Attack Simulation and Path Visualization using proper tools and collaborate with red/blue teams for attack simulations and resilience testing.

· Undertake regular vulnerability assessments.

· Work with Threat Intelligence providers to stay updated on new threats.

– Strategic Business & Cybersecurity Support:

· Support business strategies focused on OT observability.

· Offer insights during merger and acquisition processes.

· Collaborate with cybersecurity architecture and risk management teams.

· Ensure alignment with regulations and industry standards.


Who You Are


– Minimum 5 years of proven experience in Cyber Security in a multinational company with an IT outsourcing model or in an IT Consultancy firm focused on technology services. A past experience in FMCG/Industrial field is a plus.

– Fluent Italian and English, any other European language is an advantage;

– Degree in cyber security, computer science, engineering or equivalent is preferred;

– Proven experience in incident handling, playbook/runbook handling and forensic evidence collection.

– Experience with OT/IOT.

– Experience with cloud services and cloud SIEMs

– Experience with WAF, web proxy, firewalls, intrusion prevention/detection systems, mail content scanning appliances, EDR / XDR , and domain name servers desired;

– Experience in System Administration and Network;

– Excellent communication skills, versatility, flexibility and ability to work under pressure;

– Skilled in security incident response.

– Able to cooperate with various teams and vendors.

– Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.

– Ability to work under pressure.

– Cultural awareness and excellent team working skills.

– Strong problem-solving and troubleshooting skills


Cetifications (Nice To Have)


· Certified Information Systems Security Professional (CISSP)

· Cisco Certified CyberOps Associate

· GIAC Incident Handler (GCIH)

· Offensive Security Certified Professional (OSCP)

· EC-Council’s Certified Incident Handler (E|CIH)

· Incident Handling & Response Professional (IHRP)

· Certified Computer Security Incident Handler (CSIH)


Additional Requirements


Availability to travel internationally for short periods.

Our commitment to Diversity & Inclusion:

At Campari Group we believe in building more value together, thus we see diversity in all forms as a source of enrichment. Our employment policies and practices ensure that we are committed to providing equal employment opportunities in all aspects of employment without regard to any individual’s race, religion, creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, sexual orientation, gender identity or characteristics or expression, political affiliation or activity, age, veteran status, citizenship, or any other characteristic protected by law.


Note to applicants:

Your application will be assessed based on your abilities, expertise, general knowledge and experience, not because of any confidential, proprietary or trade secret information you may possess. You must not disclose to Campari Group any such information. In the event that you are asked a question that cannot be answered without disclosure of any confidential, proprietary or trade secret information (including from a current or prior employer or their vendors or customers), you must decline to answer the question.


Notice to third party agencies:

Please refrain from cold-calling or emailing our executive leadership team or the HR community directly. The Talent Acquisition department manages centralized recruiting operations globally, including the selection and management of external suppliers. Currently, our preferred supplier list is at full capacity. To ensure we have your information on file for future consideration, we kindly request that you complete the online form provided here.

Job Overview
  • Region
  • Categories

  • Receive job alerts:
    Your subscription could not be saved. Please try again.
    Your subscription has been successful.

    By subscribing below, you acknowledge that your email address will be transferred to Sendinblue for processing in accordance with their terms of use

Receive job alerts twice per week:

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Choose one or more global alerts or browse to the USA and UK alert pages:

USA Specific Job Alerts
UK Specific Job Alerts

Our marketing platform's terms of use