Head Of Security Governance
Security Governance is the governance function of the Chief Security Officer (CSO) division of Generali Operations Service Platform (GOSP). The Head of Security Governance will report directly to the CSO and will interact closely with the other CSO departments as well as with other divisions and departments of GOSP. The Head of Security Governance will also have direct contact with the customer Chief Information Security Officers (CISOs) to collect demand requirements, report monthly KPIs and statistics, and discuss security strategy.

The Head of Security Governance will be responsible for properly establishing, maintaining, and evolving over time the governance framework for the CSO division of GOSP, overseeing customer relationship management, security controls and reporting, strategy definition, security advisory, business continuity, disaster recovery, and crisis management.

The Security Governance department is composed of 3 units structured as follows:
- Security Controls & Reporting: responsible for periodic reporting, KPIs, external certifications, and Audit & Compliance support.
- IT Standards & Projects: supports GOSP project initiatives to ensure compliance with security policies and guidelines, maintains and develops the GOSP security processes and procedures, and supports the definition of the GOSP security strategy.
- BC & DR Management: responsible for Business Continuity and Disaster Recovery processes, as well as the yearly BIA review and DR tests.

Main tasks:
- Establish and maintain over time the CSO Strategic plan, defining security strategic initiatives in cooperation with the main CSO departments and integrating Group strategic guidelines.
- Keep the CSO process library, policies and guidelines up to date, ensuring continuous compliance with Group regulation, local legislation, and customer requirements.
- Establish an effective security control, monitoring, and reporting process for periodic reporting to both customer CISOs and GOSP stakeholders, highlighting the main security trends and the activities conducted by the CSO area.
- Guarantee a yearly review and re-assessment of the main ISO / ISAE certifications for GOSP branches.
- Establish a security validation process to effectively validate GOSP project initiatives, ensuring security requirements and guidelines are considered and embedded in each project.
- Establish a periodic project committee for the CSO area to keep track of expenditure approval and related CSO projects.
- Maintain an overall view of the CSO budget and expenditure process.
- Define and maintain the CSO service catalogue, adjusting it over time according to the new services and technologies adopted and offered by GOSP to its customers.
- Define and maintain over time the GOSP Business Continuity & Disaster Recovery strategy and procedures, ensuring a tight alignment with the main GOSP customers.
- Plan, coordinate, and execute yearly DR tests to prove the resilience of the BC/DR plans, involving all needed GOSP technical areas as well as relevant customer stakeholders.
- Perform a yearly review of the GOSP BIA, interacting with the main process/service owners.
- Increase the company's security awareness regarding ICT systems and BCM/DR.
- Establish the GOSP crisis management process following the Group guidelines.
- Ensure compliance and manage audit security activities.
- Guarantee the adoption of the physical security requirements defined by GHO with regard to Data Center and on-premises, in collaboration with GOSP Facility Management and the Facility Service Providers of buildings.

Requirements:
- Degree in Computer Science / Economics / Business Administration or equivalent work experience in similar positions.
- Minimum 5 years of experience in managerial positions.
- Solid IT and Security knowledge foundation.
- Knowledge of the main Cyber Security frameworks such as NIST, ENISA.
- Familiar with ISO 27001 and ISAE 3402 certifications.
- Proficient English (at least CEFR B2, preferred C1, written/spoken).
- Previous experience in a leadership position with coordination of international teams and resources.
- Direct experience in international organizations.
- Proven success in customer management and handling of complex situations.
- At least one certification in the Security area, more preferred: ISO/IEC 27001 Lead Auditor, ISACA CISM, ISACA CISA, (ISC2) CISSP, COBIT5/COBIT2019, ITIL.

Skills:
- Excellent interpersonal communication, project management and leadership skills.
- Must be able to communicate effectively with stakeholders and customers.
- Results-oriented, cross-functional leadership with proven success partnering with internal and external stakeholders.
- Attention to detail with flexibility in addressing changing requirements.
- Excellent at preparing reports and presentations, as well as at delivering them.
- Very good analytical skills.
- Good experience in finance management and planning.
- Able to work in a complex and international environment.
- Capable of keeping all team members working in remote locations committed and motivated.

Nice to have:
- Availability to travel occasionally in Europe.

Additional Information:
- Contract Type: Permanent