The CTAO (Cherenkov Telescope Array Observatory) will be the world’s largest and most powerful ground-based observatory for gamma-ray astronomy at very-high energies. The Observatory has recently moved into its most exciting phase of development: the construction phase. Teams around the world are working together to make the CTAO reality. And with sites and staff located in Italy, Germany, Spain, and Chile, the CTAO Central Organisation, which manages the construction and operation of the Observatory, is at the very centre of these activities.

For its headquarters in Bologna, Italy, the Central Organisation is seeking a Chief Information Security Officer (CISO) to design, lead, and implement a comprehensive cybersecurity strategy for the observatory’s distributed, high-performance scientific and operational environments. This senior leadership position reports directly to the CTAO Director General, with the mission to protect CTAO’s global computing infrastructure, research data, and reputation from cyber threats while ensuring compliance with European cybersecurity regulations, including NIS2, GDPR, and the Cyber Resilience Act. The CISO will cooperate with the CTAO Computing Coordinator, as well as the Computing and IT teams, to develop and implement the security strategy for the protection of the CTAO.

Key Responsibilities:

• Develop and execute the CTAO’s cybersecurity and IT risk management strategy, ensuring alignment with scientific and organisational objectives.
• Establish and maintain an Information Security Management System (ISMS) compliant with ISO/IEC 27001 and NIST standards.
• Oversee implementation of technical controls and incident response systems, including endpoint protection, intrusion detection, and network security.
• Lead and coordinate the creation of the CTAO Computer Emergency Response Team (CERT), managing incident handling and forensic capabilities across all sites.
• Define and maintain cybersecurity policies, procedures, and risk frameworks, ensuring adherence to European and national cybersecurity laws.
• Collaborate with IT, technical, administrative, and scientific teams across international sites to ensure secure computing operations, data exchange, and infrastructure integrity.
• Advise CTAO leadership on risk management, compliance, and security governance.
• Promote a culture of cybersecurity awareness and provide training to staff and collaborators.

Qualifications and Experience:

• University degree in Computer Science, Cybersecurity, Information Technology, or a related discipline.
• Minimum five years of progressively responsible experience in information and cyber security, including leadership roles in complex or research environments.
• In-depth understanding of network and host-based attacks, risk management, and defence architectures.
• Proven knowledge of EU cybersecurity frameworks (NIS2, GDPR, ISO 27001, NIST).
• Experience with incident response, malware triage, log analysis, and forensic methods.
• Excellent command of English (spoken and written).

• Desirable Qualifications:
•  
• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor.
• Experience in international or multi-site scientific collaborations.
• Familiarity with cloud and high-performance computing environments.
• Working knowledge of additional European languages.

Workplace: Bologna, Italy. Travel will be required.

Contract: open-term, full-time

Deadline for Applications: 14 June 2026 

Apply Here: https://ctao.bamboohr.com/careers/56?source=aWQ9MTU%3D

For more information about the CTAO, please visit www.ctao.org. For more information about the advertised position, contact CTAO HR at ctao-hr@cta-observatory.org. 

For this job posting we would like to encourage people that comply with the Italian law 68/99 to send us their applications.

Applications are accepted without distinction on any grounds of gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, gender identity, property, birth, disability, age or sexual orientation.