Kering GUCCI Chief Information Security Officer & Deputy Group CISO

Kering is a global, family-led luxury group that houses a portfolio of prestigious fashion, leather goods, jewelry and lifestyle brands, including Gucci, Bottega Veneta, Saint Laurent, Balenciaga and others. The group combines creative heritage with a commitment to sustainability and innovation; cybersecurity is delivered through a centralized team that protects both group-level assets and the operational autonomy of individual Houses.

1. Define and execute the cybersecurity strategy for GUCCI and act as Deputy Group CISO across assigned houses, aligning initiatives with the group's five-pillar security framework: Prevent, Comply, Protect, Detect & React, Recover.
2. Serve as trusted security partner to GUCCI CTIO, house CIOs and technical teams; represent the Group CISO in executive steering committees and board-level briefings when required.
3. Build, lead and scale dedicated cybersecurity teams for GUCCI and oversee security practice for Bottega Veneta, Brioni and Pomellato, including recruitment, team structure and capability development.
4. Manage internal security resources and external providers to deliver programs across prevention, protection, detection and incident response; oversee architecture reviews and hands-on security initiatives.
5. Define, deploy and maintain information security policies and a cyber risk mapping program for subsidiaries, including project risk assessments and remediation tracking.
6. Ensure regulatory and standards compliance (PCI DSS, GDPR, ISO27001, NIS2 and applicable local laws); lead third-party security governance, supplier audits and vendor risk assessments.
7. Oversee deployment and optimization of technical controls across infrastructure, cloud, applications and OT/industrial systems; coordinate with corporate SOC and CSIRT to strengthen detection and response.
8. Define and implement business continuity and disaster recovery plans for critical systems and champion secure-by-design principles across digital transformation projects.
9. Design and deploy engaging cybersecurity awareness programs to foster a security-conscious culture that balances protection with creative and operational requirements.
10. Produce and communicate regular security dashboards and metrics to technical and non-technical stakeholders; coordinate external audits and manage remediation of findings.

1. Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity or equivalent technical discipline.
2. Relevant professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer, GIAC or SANS coursework, or demonstrable equivalent expertise.
3. Minimum 8–10 years in IT/cybersecurity with progressive responsibility, including at least 3–5 years in leadership roles managing security teams or programs.
4. Proven experience building or scaling security functions within complex, multi-entity organisations; prior exposure to retail, e‑commerce or manufacturing environments is strongly advantageous.
5. Demonstrable knowledge of regulatory frameworks and standards (GDPR, PCI DSS, ISO27001, NIS2) and ability to translate requirements into operational controls.

1. AWS
2. Azure
3. GCP
4. SOC
5. SIEM
6. EBIOS
7. ISO 27005
8. NIST
9. PCI DSS
10. GDPR
11. ISO27001
12. NIS2
13. DevSecOps
14. secure SDLC
15. OT/industrial security

A seasoned cybersecurity leader with a minimum of 8–10 years in IT/cybersecurity roles, including 3–5 years managing security teams or programs and demonstrable hands-on experience across governance, architecture, cloud, SOC/SIEM operations, incident response and industrial/OT security.

Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity or a closely related technical discipline; professional security certifications (CISSP, CISM, ISO 27001 Lead Implementer, GIAC, SANS or equivalent) highly desirable.

Kering fosters a collaborative environment that balances rigorous security with the creative freedom of its Houses. The group emphasises sustainability, diversity and respect for individual brand identities while promoting cross‑House cooperation and continuous learning among technical and business stakeholders.