ICT Information Security Compliance Analyst

We are

A global solutions provider focused on Healthcare ICT and mobile workflow solutions. Headquartered in Switzerland our business spans across 18 countries and has been supporting the healthcare industry for close to 160 years by providing them with technology to enable them to support their communities.

At Ascom our culture is built on four core values that guide how we operate every day. We are Customer focused ensuring that the people who rely on our solutions always come first. We are Innovative continually seeking new ways to improve how information flows and drives better decisions. We are Dedicated going the extra mile to deliver secure high-quality solutions. And we are Connected fostering collaboration across teams and geographies to strengthen both our work and our impact.

Purpose

ICT Information Security Compliance Analyst is a position within the ICT group. The main purpose of this position is to ensure that Ascom constantly maintains a high security posture in digital environments to build innovative solutions in healthcare while protecting these against cyber threats.

This position requires understanding and taking steps to mitigate risks and ensure the secure operation of the systems servers and network connections.

Role Overview

The ICT Information Security Compliance Analyst will assist in detecting investigating and defending against information security incidents targeting Ascoms infrastructure and data.

This includes ensuring that the organizations information systems comply with regulatory requirements internal policies and industry standards. This role also actively supports incident response activities to mitigate security threats and maintain compliance during and after incidents as part of the ICT Information Security team.

The applicant will also support in analyzing and resolving vulnerability issues in a timely and accurate manner and support in activity audits where required.

Job Focus Areas

Compliance & Governance

Monitor adherence to internal security policies industry standards and regulatory frameworks (e.g. GDPR ISO 27001 NIS2 NIST).

Support internal and external audits certification processes and periodic compliance reviews.

Develop maintain and update compliance documentation audit evidence and control registers.

Collaborate with cross-functional teams to ensure proper implementation of security protocols and requirements.

Ensuring security updates are in place across all systems performing security checks and troubleshooting activities.

Establish and maintain documentation standards to ensure traceability quality and serviceability of delivered security solutions.

Incident Response

Participate in the detection analysis and response to security incidents.

Contain mitigate and resolve security events efficiently.

Monitor network environments to identify suspicious activities anomalies or early signs of compromise.

Document incident activities and ensure compliance obligations are met during investigations.

Communicate system status planned interventions downtime and relevant changes to stakeholders in a clear and timely manner.

Risk Management

Identify security and compliance risks recommending corrective measures and mitigation strategies.

Support risk assessments vulnerability management and periodic evaluations of security controls.

Researching emerging threats and the mitigations that can provide protection.

Proactively collaborate with business units to address security issues and strengthen architectures in hybrid and multicloud environments.

Analyse network systems and infrastructure to ensure secure configurations and adherence to best practices.

Support third-party risk assessments and maintain compliance documentation repositories.

Training & Awareness

Promote information security awareness across the organization through training and engagement initiatives.

Ensuring recurrent and periodic reviews are in place in testing accuracy and applicability of information security trainings against emerging threats

Reporting

Prepare structured reports on security posture compliance status and incident response findings for management auditors and regulatory bodies.

Provide regular updates on security posture improvements and outstanding risk items.

Ensure documentation standards to preserve the traceability and serviceability of delivered security solutions.

Other duties as assigned

Required competencies
Education

Bachelors or Masters degree in Computer Science Cybersecurity Computer Engineering Information Security or a related field.

In the absence of a relevant degree an additional 5 years of proven experience may be considered.

Professional Experience

3-5 years of experience in Information Security with a focus on risk management governance and compliance.

Experience in ICT infrastructure security controls and enterprise technology environments.

Exposure to incident response processes security operations and associated tools.

Technical Knowledge

Strong understanding of Information Security Management Systems (ISMS) and control frameworks such as:

o ISO 27001 NIST Cybersecurity Framework NIS 2 Directive GDPR requirements

Experience reviewing and interpreting security scan results and remediating vulnerabilities

Familiarity with enterprise architectures including:

o Network and system architecture Enterprise directory services Integration architecture Identity and Access Management (IAM)

Familiarity with:

o Security monitoring practices Basic forensic techniques Cloud security controls and hybrid-environment security architectures SIEM tools

Regulatory & Risk Knowledge

Demonstrated understanding of data privacy laws and regulatory requirements.

Broad awareness of business impacting security threats detection methods and risk assessment methodologies.

Security Principles & Best Practices

Solid understanding of security principles cybersecurity lifecycle and security software management best practices.

Certifications (Preferred)

CISM CISA CISSP

CompTIA Security

GIAC GCIH (or similar incident response certifications)

About You

You are a professional who demonstrates strong technical expertise collaboration skills and a proactive mindset.

You are/have:

Knowledge of ICT security and infrastructure design with the ability to confidently defend technical positions while remaining open to incorporating others perspectives to refine solutions.

A good understanding of relevant ICT platforms software network architectures and hardware components.

High ethical integrity professionalism and diligence in all assigned tasks.

A strong team-oriented attitude with excellent interpersonal and organizational abilities.

Effective communication skills and the ability to collaborate seamlessly within distributed and cross functional teams.

A positive attitude with a willingness to share knowledge and support colleagues.

Commitment to continuous learning and personal development.

Confidence in making informed decisions even in ambiguous or evolving situations.

Strong analytical and problem-solving capabilities.

The ability to perform effectively under pressure.

Excellent time management skills with the capacity to work both independently and under supervision when required.

Strong written and verbal communication skills.

Willingness to participate in on call rotations in the event of a security incident or other emergencies requesting a minimum flexibility regarding working hours.

Work Environment

The work environment characteristics described here reflect the typical conditions encountered while performing the essential duties of this role.

Work Requirements

Adherence to all relevant Ascom Information Security policies and procedures related to Quality Security Safety Business Continuity and Environmental management systems.

Upholding company values and policies including those relating to ethics conduct and workplace safety.

Ability to obtain and maintain the required security clearance (candidates must either be EU citizens or have been legally working within the EU for the past five years).

Occasional travel to Ascom locations or customer sites to support operations within required timeframes.

Flexibility to accommodate minor variations in working hours including occasional scheduled weekend work for high priority project deliverables or major incident support.

Occasional international travel as required; employees must possess valid travel documents and be able to obtain a US VISA if necessary.

Language Requirements

Being fluent in English both written and spoken is a mandatory prerequisite ensuring effective communication with international teams stakeholders and external partners.

Department

ICT

Location

Scandicci (Florence) Italy

Workplace Attendance Requirements

Hybrid setup: 4 onsite days per week plus 1 remote day upon successfully passing the probationary period.