Job Detail

Dufry is the leading Travel Retailer, operating over 2,300 duty-free and duty-paid shops stores in 65 countries worldwide. Working at Dufry means working at the forefront of retail, with the opportunity to learn, move forward and enjoy the time spent working with your colleagues. With us, your career will develop and grow along with our endless opportunities.

As a member of our Global IT Community, you are responsible for the Cyber Security Incident Response locally, coordinating locally and with the global team any action required in case of an IT security incident. Delivering the global security agenda in the locations under remit, coordinating with the local teams the actions required.

Your main responsibilities:

• Work as part of the Global Security team, collaborating in Global Security initiatives and having primary responsibility on the delivery and support to the Division and countries


• Review and approve the design and implementation of security systems


• Adapt and implement global security policies, controls and drive security awareness initiatives in the Division


• Make sure that cybersecurity policies and procedures are communicated to all personnel and that compliance is enforced


• Maintain and review the company’s Incident Response Plan, and use it to review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities


• Maintain a current understanding of the IT threat landscape for the industry


• Ensure compliance with the changing laws and applicable regulations. Specific to PCI and GDP and any other local regulation


• Translate that knowledge to the identification of risks and actionable plans to protect the business


• Brief the executive team on status and risks, working with the Global CISO to define a remediation plan and strategy


• Communicate best practices and risks to all parts of the business, outside IT


• Understanding of emerging technologies in IT such as mobile payment technologies as well as the associated security risks

Your profile:

• Minimum 5 years of experience in the technical security area on the Retail sector


• Computer Science Engineer


• Deep knowledge of PCI DSS implementation and compliance


• Security Certifications, like: CISSP, CISA, CISM, ISO 27001 Lead Auditor


• Breadth of knowledge and skills across various security domains such as firewalls, SIEM, IDS/IPS, endpoint protection and/or EDR, web and email filtering, application control, multi-factor authentication, CASB, vulnerability management systems, IAM, PAM, and PKI


• Good understanding of application, network, operating system, and core infrastructure security concepts and concerns


• Understanding of emerging technologies in IT


• Excellent knowledge and understanding of operations, issues and challenges related to information security


• Demonstrated leadership and team-building ability


• Strong communication skills in English and able to translate technical issues to business language

Our offer:

• Develop and grow a professional career in the world’s leading travel retail company


• Gain valuable international work experience


• Work in a fast-paced environment with committed teams and a focus on results


• Use your talents, influence your community and make an impact on the ever-changing world of travel retail