Giuseppe Morimondi

Chief Information Security Officer | Cyber Resilience | Secure AI adoption | IT & OT Convergence | NIS2 / DORA | Board Advisor for Specialty Chemicals & Life Sciences

Milan, Lombardy, Italy

About

Chief Information Security Officer at Arxada, accountable for cybersecurity, IT/OT risk, and digital trust across a global specialty chemicals business serving life sciences and industrial markets. I build security programs that let the business move faster, not slower.

Focus areas:

  • Cyber resilience & risk: enterprise-wide risk management aligned to NIS2, NIST CSF, and ISO 27001. Board-level reporting that translates technical risk into business consequence.
  • Secure AI adoption: governance frameworks that let teams deploy AI productively without leaking data, IP, or regulatory exposure. Practical guardrails over theoretical policy.
  • IT / OT convergence: protecting manufacturing environments where availability and safety are non-negotiable. Bridging the gap between plant engineers and security teams.
  • M&A and carve-out: security due diligence, Day-1 readiness, and TSA exit. Integration of acquired entities and clean carve-out of divested ones.
  • Scaling security: recruiting, developing, and empowering security and GRC talent across multiple countries.

Earlier in my career I led country IT organizations and global delivery for multinationals, which shaped how I think about technology as a business lever rather than a cost center.

Experience

  • Chief Information Security Officer - CISO at Arxada
    Jan 2025 - Present · 1 yr 6 mos

    Global Chief Information Security Officer accountable for the entire IT and OT security program across 24 plants and 17 R&D centers. Responsible for aligning appropriate information security controls with AI, data privacy, NIS2 and GxP requirements. Thought leader and trusted advisor to organizational stakeholders and the executive leadership team. Main activities: build an effective security team, enable proactive versus reactive thinking, analyze current provider capabilities as well as future state needs, and augment the security organization with the appropriate balance of outsourced providers and internal resources. Key areas of expertise: Information Security Management Systems, Operational Technologies (OT) and IoT, NIS2, Supply chain risk management, IS Risk Management, GDPR and DPIA, Security Architecture, Cyber Security, Business Continuity management and Disaster recovery plan, Cloud Security and adoption strategy, Information classification, Identity and Access Management, IT Audit, Information Security Awareness campaigns, CIRT, Crisis and incident management, KPIs and KRIs.

  • Chief Information Security Officer at Wittur Group
    Nov 2019 - Jan 2025 · 5 yrs 3 mos

    Group Chief Information Security Officer globally responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. Main activities: develop, implement and monitor a comprehensive enterprise information security and IT risk management program for manufacturing sites and trading offices. Design and implement sustainable strategies for all security-relevant topics. Definition and adoption of cybersecurity technologies and processes to allow for change and growth. Coach and mentor for the overall IT and business community with regard to Cybersecurity. Key areas of expertise: Information Security Management Systems, Operational Technologies and IoT, Supply chain risk management, IS Risk Management, GDPR and DPIA, Security Architecture, Cyber Security, Business Continuity management and Disaster recovery plan, Cloud Security and adoption strategy, Information classification, Identity and Access Management, IT Audit, Information Security Awareness campaigns, CIRT, Crisis and incident management, KPIs and KRIs.

  • Head of IT Operations and Information Security Officer at Bayer S.p.A.
    Jul 2014 - Nov 2019 · 5 yrs 5 mos

    Senior manager responsible for design and respect of IT Compliance across Bayer landscape (CISO). Main activities: drive information security in terms of assessment and risk appetite; liaise with executive leadership to establish security capabilities in business processes (“Security by design”) and ensure decisions are made consistently across the organization; drive cultural and organizational change; develop security services. Key areas of expertise: Information Security Management Systems, IS Risk Management, GDPR and DPIA, design and implementation of Technical and Organizational Measures, Security Architecture, Business Continuity management and Disaster recovery plan, Cloud assessment and adoption strategy, Information classification, Identity and Access Management, IT Audit, Information Security Awareness campaigns. Responsible for aligning IT development with strategic business objectives; optimizing cost of services through a mix of internal and external resources with a focus on these key areas: cloud services, communication technologies and digital innovation. Architect for new services with a “user centric” approach; responsible for IT contract management in multiple areas comprising information security, security operations, communication services, customer service, and asset management.

  • ABB Information Systems Ltd. (11 yrs 5 mos)
    • Group Service Manager - End User Services
      Jul 2012 - Jul 2014 · 2 yrs 1 mo

      Service manager globally responsible for all activities related to End User Services including hardware selection, management and software deployment; definition of IT support procedures that help keep workers productive while achieving high customer satisfaction. Responsible for definition of the right tools and services that optimize organizational performance and user productivity, by aligning business and strategies with state-of-the-art technology including, but not limited to, Office 365 and cloud providers.

    • Country Information Security Manager and Service Manager (Network-End User Services-Security)
      Mar 2003 - Jun 2012 · 9 yrs 4 mos

      Information Security Manager responsible for definition, implementation and monitoring of IS Security Policies. Service manager responsible for coordination of all activities related to network and desktop infrastructure inside and outside the IS department. Responsible for complex IT projects, management of cost centers, budgeting, contracts and SLAs management.

  • Security Consultant at Cgweb S.p.A.
    Jan 2001 - Feb 2003 · 2 yrs 2 mos

    IT Security policies design and implementation, auditing and testing services, 2nd level technical support, maintenance and administration of third parties infrastructure.