<h3>Decades of innovation</h3>
<p>Ascom is a global solutions provider focused on healthcare ICT and mobile workflow solutions. The vision of Ascom is to close digital information gaps allowing for the best possible decisions—anytime and anywhere. Ascom’s mission is to provide mission‑critical, near real‑time solutions for highly mobile, ad hoc, and time‑sensitive environments.</p>
<p><b>We are…</b></p>
<p>A global solutions provider focused on Healthcare ICT and mobile workflow solutions. Headquartered in Switzerland, our business spans 18 countries and has been supporting the healthcare industry for close to 160 years by providing technology that enables it to support its communities.</p>
<p>At Ascom, our culture is built on four core values that guide how we operate every day. We are <b>Customer focused</b>, ensuring that the people who rely on our solutions always come first. We are <b>Innovative</b>, continually seeking new ways to improve how information flows and drives better decisions. We are <b>Dedicated</b>, going the extra mile to deliver secure, high‑quality solutions. And we are <b>Connected</b>, fostering collaboration across teams and geographies to strengthen both our work and our impact.</p>
<h3>Purpose</h3>
<p>ICT Information Security Compliance is a position within the ICT group. The main purpose of this position is to ensure that Ascom constantly maintains a <b>high security posture in digital environments</b> to build innovative solutions in healthcare, while protecting these against cyber threats.</p>
<p>This position requires understanding and taking steps to mitigate risks and ensure the secure operation of the systems, servers, and network connections.</p>
<h3>Role Overview</h3>
<p>The ICT Information Security Compliance Analyst will assist in detecting, investigating, and defending against information security incidents targeting Ascom’s infrastructure and data.</p>
<p>This includes ensuring that the organization’s information systems comply with regulatory requirements, internal policies, and industry standards. This role also actively supports <b>incident response activities</b> to mitigate security threats and maintain compliance during and after incidents as part of the ICT Information Security team.</p>
<p>The applicant will also support analyzing and resolving vulnerability issues in a timely and accurate manner, and support activity audits where required.</p>
<h3>Job Focus Areas</h3>
<h3>Compliance Governance</h3>
<ul>
<li>Monitor adherence to internal security policies, industry standards, and regulatory frameworks (e.g., GDPR, ISO 27001, NIS2, NIST).</li>
<li>Support internal and external audits, certification processes, and periodic compliance reviews.</li>
<li>Develop, maintain, and update compliance documentation, audit evidence, and control registers.</li>
<li>Collaborate with cross‑functional teams to ensure proper implementation of security protocols and requirements.</li>
<li>Ensure security updates are in place across all systems, and perform security checks and troubleshooting activities.</li>
<li>Establish and maintain documentation standards to ensure traceability, quality, and serviceability of delivered security solutions.</li>
</ul>
<h3>Incident Response</h3>
<ul>
<li>Participate in the detection, analysis, and response to security incidents.</li>
<li>Contain, mitigate, and resolve security events efficiently.</li>
<li>Monitor network environments to identify suspicious activities, anomalies, or early signs of compromise.</li>
<li>Document incident activities and ensure compliance obligations are met during investigations.</li>
<li>Communicate system status, planned interventions, downtime, and relevant changes to stakeholders in a clear and timely manner.</li>
</ul>
<h3>Risk Management</h3>
<ul>
<li>Identify security and compliance risks, recommending corrective measures and mitigation strategies.</li>
<li>Support risk assessments, vulnerability management, and periodic evaluations of security controls.</li>
<li>Research emerging threats and the mitigations that can provide protection.</li>
<li>Proactively collaborate with business units to address security issues and strengthen architectures in hybrid and multi‑cloud environments.</li>
<li>Analyse network systems and infrastructure to ensure secure configurations and adherence to best practices.</li>
<li>Support third‑party risk assessments and maintain compliance documentation repositories.</li>
</ul>
<h3>Training Awareness</h3>
<ul>
<li>Promote information security awareness across the organization through training and engagement initiatives.</li>
<li>Ensure recurrent and periodic reviews are in place to test the accuracy and applicability of information security training against emerging threats.</li>
</ul>
<h3>Reporting</h3>
<ul>
<li>Prepare structured reports on security posture, compliance status, and incident response findings for management, auditors, and regulatory bodies.</li>
<li>Provide regular updates on security posture, improvements, and outstanding risk items.</li>
<li>Ensure documentation standards to preserve the traceability and serviceability of delivered security solutions.</li>
</ul>
<p>Other duties as assigned</p>
<h3>Required competencies Education</h3>
<ul>
<li>Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Computer Engineering, Information Security, or a related field.</li>
<li>In the absence of a relevant degree, an additional <b>5 years of proven experience</b> may be considered.</li>
</ul>
<h3>Professional Experience</h3>
<ul>
<li>3-5+ years of experience in Information Security, with a focus on risk management, governance, and compliance.</li>
<li>Experience in ICT infrastructure, security controls, and enterprise technology environments.</li>
<li>Exposure to incident response processes, security operations, and associated tools.</li>
</ul>
<h3>Technical Knowledge</h3>
<ul>
<li>Strong understanding of Information Security Management Systems (ISMS) and control frameworks such as:
<ul>
<li>ISO 27001, NIST Cybersecurity Framework, NIS 2 Directive, GDPR requirements</li>
</ul>
</li>
<li>Experience reviewing and interpreting security scan results and remediating vulnerabilities</li>
<li>Familiarity with enterprise architectures, including:
<ul>
<li>Network and system architecture, Enterprise directory services, Integration architecture, Identity and Access Management (IAM)</li>
<li>Security monitoring practices, Basic forensic techniques, Cloud security controls and hybrid‑environment security architectures, SIEM tools</li>
</ul>
</li>
<li>Demonstrated understanding of <b>data privacy laws</b> and regulatory requirements.</li>
<li>Broad awareness of <b>business-impacting security threats</b>, detection methods, and risk assessment methodologies.</li>
<li>Solid understanding of <b>security principles</b>, cybersecurity lifecycle, and security software management best practices.</li>
</ul>
<h3>Certifications (Preferred)</h3>
<ul>
<li>CISM, CISA, CISSP</li>
<li>CompTIA Security+</li>
<li>GIAC GCIH (or similar incident response certifications)</li>
</ul>
<h3>About You</h3>
<p>You are a professional who demonstrates strong technical expertise, collaboration skills, and a proactive mindset.</p>
<p>You are/have:</p>
<ul>
<li>Knowledge of ICT security and infrastructure design, with the ability to confidently defend technical positions while remaining open to incorporating others’ perspectives to refine solutions.</li>
<li>A good understanding of relevant ICT platforms, software, network architectures, and hardware components.</li>
<li>High ethical integrity, professionalism, and diligence in all assigned tasks.</li>
<li>A strong team‑oriented attitude with excellent interpersonal and organizational abilities.</li>
<li>Effective communication skills and the ability to collaborate seamlessly within distributed and cross‑functional teams.</li>
<li>A positive attitude, with a willingness to share knowledge and support colleagues.</li>
<li>Commitment to continuous learning and personal development.</li>
<li>Confidence in making informed decisions, even in ambiguous or evolving situations.</li>
<li>Strong analytical and problem‑solving capabilities.</li>
<li>The ability to perform effectively under pressure.</li>
<li>Excellent time management skills, with the capacity to work both independently and under supervision when required.</li>
<li>Strong written and verbal communication skills.</li>
<li>Willingness to participate in on‑call rotations in the event of a security incident or other emergencies, which requires a minimum of flexibility regarding working hours.</li>
</ul>
<h3>Work Environment</h3>
<p>The work environment characteristics described here reflect the typical conditions encountered while performing the essential duties of this role.</p>
<h3>Work Requirements</h3>
<ul>
<li>Adherence to all relevant Ascom Information Security policies and procedures related to Quality, Security, Safety, Business Continuity, and Environmental management systems.</li>
<li>Upholding company values and policies, including those relating to ethics, conduct, and workplace safety.</li>
<li>Ability to obtain and maintain the required security clearance (candidates must either be EU citizens or have been legally working within the EU for the past five years).</li>
<li>Occasional travel to Ascom locations or customer sites to support operations within required timeframes.</li>
<li>Flexibility to accommodate minor variations in working hours, including occasional scheduled weekend work for high-priority project deliverables or major incident support.</li>
<li>Occasional international travel as required; employees must possess valid travel documents and be able to obtain a US visa if necessary.</li>
</ul>
<h3>Language Requirements</h3>
<p>Being fluent in English, both written and spoken, is a mandatory prerequisite, ensuring effective communication with international teams, stakeholders, and external partners.</p>
<h3>Department</h3>
<p>ICT</p>
<h3>Location</h3>
<p>Scandicci (Florence), Italy</p>
<h3>Workplace Attendance Requirements</h3>
<p>Hybrid setup: 4 on‑site days per week, plus 1 remote day upon successfully passing the probationary period.</p>