Description:
Enabling What's Next
Who We Are
Born in 2004 as Techedge, we have almost 20 years of expertise that enabled us to become what we are today: Avvale!
This path led us to be able to count on over 4,000 employees, present in 13 countries around the world.
What We Do
We help public and private companies to re-design their business models through the development of innovative and sustainable solutions, which have a positive impact not only on our customers but also on the world we live in!
How We Do It
Through circular economy models, made possible thanks to technological innovation.
What you will find
In Avvale we value our talents and your path with us will be full of:
Flexibility: thanks to our policy, you can work remotely in Italy up to 5 days a week, and in SEE and Switzerland up to 5 months a year;
Training & development: you can participate in on-the-job training, certifications and foreign language classes, and you will have a yearly budget to buy training courses;
Gender equality & inclusion: obtaining Pdr 125 is proof of Avvale's commitment to an inclusive and fair work environment!
Role and responsibilities
We are looking for a mid-level Cyber Security Specialist to join our Security team. Reporting directly to the Security Manager, this role will be pivotal in governing the company's defence infrastructure and overseeing compliance and data protection processes.
The ideal candidate has a solid technical foundation and a pragmatic approach to supporting Governance, Risk & Compliance (GRC) processes. They will act as the operational liaison between the company, the external Security Service Providers and internal IT stakeholders, balancing technical operations with document and regulatory management.
Oversee and monitor key corporate security controls (XDR/EDR, Email Security Gateway, MDM, DNS Protection, DLP) and manage Level 2 activities through ITSM/Ticketing systems.
Support the Security Manager in defining, implementing, and monitoring security policies, standards, and procedures, ensuring compliance with frameworks and regulations such as ISO 27001, NIST, and GDPR.
Coordinate operational activities with MSSPs and internal stakeholders, manage escalated alerts, and support Incident Response activities, including remediation tracking.
Support Vulnerability Management activities by analysing scan results, prioritizing risks, and monitoring patching and remediation activities following Penetration Tests or Threat Hunting exercises.
Contribute to GRC and Third-Party Risk Management activities, including reviewing Security Policies and SOPs, assessing vendors, and monitoring supply chain security posture.
Support internal/external audits and assist in collecting the required documentation for compliance assessments and customer security reviews.
Promote cybersecurity awareness across the organization through training initiatives, phishing simulation campaigns, and tracking employee and contractor participation.
Support the Security Manager in drafting, reviewing, and continuously updating Security Policies and SOPs in line with major regulatory frameworks.
Monitor the organization's supply chain security posture through Cyber Threat Intelligence and Security Rating platforms, supporting Vendor Assessments through supplier questionnaire analysis and initial Gap Analysis activities.
Support the completion of customer compliance questionnaires and assist in collecting evidence and documentation for internal and external audits.
Contribute to promoting a cybersecurity-aware culture across the organization through training initiatives and awareness programs.
Required Skills
3–5 years of experience in similar roles such as Security Analyst, SecOps Specialist, or GRC Analyst, with a solid technical background.
Practical experience with SOC operations, Incident Management processes, and the Vulnerability Management lifecycle.
Good architectural understanding of modern security defenses for Endpoints, Email, Networks, and DLP technologies.
Strong familiarity with major security and privacy standards/frameworks, including GDPR, PCI-DSS, HIPAA (or equivalent), ISO 27001, and NIST.
Knowledge of IT Service Management (ITSM) processes.
Excellent communication skills, with the ability to effectively interact with external vendors and internal IT teams without direct hierarchical authority.
Strong analytical mindset, organizational autonomy, and accuracy in documentation and process management.
Fluent knowledge of the English language.
Come with us
You will have the opportunity to work and get in touch with international players who will allow you to increase your know-how in view of future challenges!
We do not consider applications without a CV.
Avvale promotes equal opportunity. We enhance diversity and are committed to creating an inclusive environment in compliance with applicable non-discrimination and data protection laws.