Cyber Risk Specialist trieste

Cyber Risk Specialist
Trieste
Friuli Venezia Giulia, trieste

Generali is a major player in the global insurance industry - a strategic and highly important sector for the growth, development and welfare of modern societies.

Within the Group IT Operations & Security Risk area we are looking for a Cyber Risk Specialist.

Cyber Risk Specialist able to design, implement and steer the Cyber Security Risk Management Framework targeting the high level, high impact Cyber related threats with the aim of enhancing the Generali Group IT Security posture.

The position is a critical role within a small team of high skilled resources in the Group Head Office with the primary objective of ensuring the robustness of the Generali Cyber defenses.

The Cyber Security Specialist has to perform risk evaluation on Generali IT Assets working with both technical and business people.

The Specialist must be able to deal with complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.

Cyber Risk Specialist has to develop Awareness and Training Security program, initiatives and contents for all the companies in the Generali Group with the objective to improve the security posture of the Group.

Key responsibilities of the role will include:

- Establish scope of analysis and define analysis success parameters

- Collect relevant data points and guide local IT Security managers with calibrating input ranges

- Review results to identify potential outlier data inputs, identify potential cyber threats, analyze the risks and recommend controls based on the analysis results

- Analyze existing cyber security mitigation strategies / controls and assess their effectiveness

- Writing detailed reports containing findings, observations and recommendations

- Identify and analyze cyber threat scenario to be considered in the risk analysis

- Define program and initiatives of security awareness and training for the Generali Group

- Develop contents and assets to be used in all companies of Generali Group for security training, awareness campaign, phishing simulation activities, cyber crisis simulation, top manager security induction, etc.

Must have:

- Risk Analysis experience - preferably with NIST, ISO framework

- A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation

- Understanding how cyber impacts business objectives

- Ability to understand business and technical implications

- Knowledge of cyber threat vectors, both generally and sector-specific

- Knowledge of current cyber threat trends and approaches

- Architecture, topology, ports and protocols, services

- Knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology

- A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication

- Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques

- Knowledge of cyber risk estimation methodology and tool

Soft skills:

- Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints

- Superior communication skills and ability to manage a wide array of different stakeholders

- An inquisitive, or problem-solving, mindset

- Strong Team player

Education and certifications:

- Master's degree

- Information security certifications (e. g. , CISSP, CISA, CISM, CRISC, or GIAC) are desired;

- Minimum two /three years of experience in security