Global IT Security Regional Manager

At Avolta (SIX: AVOL), our people are at the driving force behind our success. With a team of over 76,000 individuals representing more than 150 nationalities, we are a truly global company driven by passion, innovation, and excellence.

Born from the combination of Dufry and Autogrill, Avolta is redefining the travel experience through the dedication and expertise of our diverse workforce. Across 73 countries and 1,000 locations, our teams bring energy, creativity, and commitment to delivering world-class travel retail and food & beverage experiences.

We operate across multiple channels - including airports, motorways, cruise ships, ports, railways, and more - offering endless opportunities for collaboration and growth. Our people are empowered to make an impact, supported by a culture that values teamwork, development, and innovation.

Sustainability and social responsibility are embedded in our strategy, ensuring we grow in a way that benefits both our employees and the communities we serve.

Are you looking for a dynamic, international career where your contributions truly matter? Join Avolta and be part of a team that’s shaping the future of travel - together.

PURPOSE OF THE ROLE

The role focuses on managing the Secure Development Lifecycle (SDLC), API management, and application security. It involves analyzing security risks and implementing measures to protect critical applications and data. The position requires understanding IT security accreditation and compliance standards. A key responsibility is ensuring regulatory compliance and safeguarding systems against internal and external threats. Ultimately, the role strengthens the organization’s security posture and supports secure application delivery.

This position reports to the Global IT Security Head and is based at the Madrid HQ.

RESPONSIBILITIES

• Plan, research, and design robust security measures for applications and internal development projects.
• Conduct vulnerability testing, risk analysis, and security assessments to identify and mitigate potential threats.
• Manage and protect APIs, ensuring secure integration and data exchange.
• Update and upgrade security systems proactively to maintain optimal protection.
• Test and validate application security to ensure compliance and expected behavior.
• Provide technical leadership and guidance to the security team, fostering best practices.
• Define, implement, and maintain corporate security policies and procedures aligned with industry standards.

WHAT WE ARE LOOKING FOR

• University degree in applied sciences such as Engineering, Systems Design, Computer Science, Business, or a related field.
• Security certifications such as CISSP, CISA, CRISC.
• Architecture certifications like TOGAF and Cloud platforms (AWS, Azure).
• Knowledge of OWASP and SDLC best practices.
• Minimum 5 years of experience in information security focused on application protection and development projects.
• Proven experience in IT Architecture.
• Ability to capture business and technical requirements to assess vulnerabilities, threats, and threat probabilities.
• Experience in identifying and mitigating technical risks.

Due to certain email system settings, some of our messages may occasionally land in your junk or spam folder. To ensure you don’t miss any important updates regarding your application, please check these folders regularly and mark our emails as ‘Not Spam’ if needed.

We look forward to connecting with you soon!