IT Chief Information Security Officer

Kering is a global, family-led luxury group, home to people whose passion and expertise
nurture creative Houses across couture and ready-to-wear, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beauté.
Inspired by their creative heritage, Kering Houses design and craft exceptional products and experiences that reflect the Group’s commitment to excellence, sustainability and culture.
Kering is strengthening its cybersecurity posture in a context of growing threats and digital transformation across its prestigious portfolio of luxury houses. To achieve this, a dedicated team of cybersecurity experts globally ensures comprehensive protection for the group and its brands.
We are currently looking for a GUCCI CISO & Deputy Group CISO to join our cybersecurity leadership team, reporting directly to the Group CISO.

You will lead cybersecurity operations for GUCCI directly and as a Kering Deputy Group CISO structure Cybersecurity practice for Bottega Veneta, Brioni & Pomellato, working alongside experienced security professionals and in close collaboration with GUCCI CTIO, IT teams, and corporate security functions. This is a hands-on leadership role where you’ll build and orchestrate security capabilities across all domains – from governance and compliance to detection and response – while supporting the group’s digital transformation and protecting the reputation of our iconic brands.
As GUCCI CISO & Kering Deputy Group CISO, you will be responsible for:
Defining and implementing the cybersecurity strategy across GUCCI and other activities, aligned with the group’s security framework structured around five pillars: Prevent, Comply, Protect, Detect & React, and Recover
Deputizing for the Group CISO in steering committees and executive meetings when needed
Building, leading, and developing dedicated cybersecurity teams within GUCCI, including recruiting talent and defining team structures
Managing internal resources focused on security projects (Prevent pillar) and industrial cybersecurity (Protect pillar)
Risk, Compliance & Policy Framework

Defining and deploying information security policies tailored to GUCCI operations & across other houses
Maintaining and evolving cyber risk mapping for subsidiaries, including project risk assessments and security remediation tracking
Ensuring compliance with industry standards and regulations (PCI DSS, GDPR, ISO27001, local cybersecurity laws, etc.)
Leading third-party security management, including supplier audits and vendor risk assessments
Overseeing the deployment and optimization of technical security controls across GUCCI and other subsidiaries (infrastructure, cloud, applications, OT/industrial systems)
Defining and implementing business continuity and disaster recovery plans for critical systems
Championing secure-by-design principles in digital transformation projects
Designing and rolling out engaging cybersecurity awareness programs across GUCCI and other subsidiaries employees (communications, e-learning, events, gamification, etc.)
Building a security-conscious culture that balances protection with the creative and operational needs of GUCCI and other houses
Bachelor’s or Master’s degree in Computer Science, Information Systems, or Cybersecurity, ideally complemented by relevant security certifications (CISSP, CISM, ISO 27001 Lead Implementer, GIAC, SANS, or demonstrable equivalent expertise)
Experience: Minimum 8-10 years in IT/cybersecurity roles with demonstrated progression, including:
Track record of building or scaling security functions in complex, multi-entity environments
Strong understanding of cybersecurity across all domains: governance, risk management, security architecture, cloud security (AWS, Azure, GCP), network security, application security, endpoint protection, SOC/SIEM operations, incident response, and business continuity
Solid grasp of risk analysis methodologies (EBIOS, ISO 27005, NIST, etc.)
Knowledge of secure infrastructure design, systems administration, networking, cloud technologies, and industrial/OT security concepts
Deep knowledge of relevant regulations and frameworks (GDPR, PCI DSS, ISO 27001, NIS2, local data protection laws)
Ability to quickly assimilate new standards and translate regulatory requirements into practical security measures

Genuine enthusiasm for cybersecurity and technology, with a constant drive to learn and stay ahead of emerging threats
Organized & Agile: Able to juggle multiple priorities across different entities while maintaining focus on strategic objectives
Cultural Sensitivity: Appreciation for the unique culture, creativity, and brand values of luxury fashion houses
Languages

Native Italian
Fluent English is mandatory
xrdbqlu It opens up opportunities for people to express their talent, both individually and collectively and it helps foster our ability to adapt to a changing world. As an Equal Opportunity Employer, we welcome and consider applications from all qualified candidates, regardless of their background
Full time