Information Risk Management Specialist
CRIF S.p.A. is looking for an Information Risk Management Specialist to join our headquarters in Bologna (BO). The new joiner will be part of the Information Risk Management & Internal Controls Department and be involved in activities related to Information Security Risk Management, also supporting countries outside Italy on data and IT security. The new joiner will be a subject-matter expert, executing in-depth assessments of the IT processes and information security environments, intercepting critical points and risky areas, and supporting the company's business areas with pragmatic solutions. This position is ideal for someone who is highly passionate about ICT risks, compliance, and cybersecurity and enjoys constantly learning and sharing.

Reporting to the CRIF Information Risk Manager, he/she will be responsible for the following:
- Supporting the definition and implementation of information security processes, controls and the information security management system (e.g. ISO2700x schema);
- Actively joining international security and risk management projects, ensuring the achievement of project milestones, cooperating with our business owners, IT managers and IT operation teams, and working in true partnership with decision-makers across the business;
- Constantly monitoring all aspects related to the assigned information risk management program;
- Providing support to our referent in understanding internal/external requests and solving issues according to corporate standards and best practices on information security (e.g. for new products, new security certification);
- Taking part in the third-party security and risk management process through ICT risk assessments, due diligence and periodic monitoring, to ensure compliance with our company supply chain standards.

Job requirements and mandatory skills:
- Master's degree in Management Engineering / Computer Information Technology / Computer Engineering;
- Fluent knowledge of at least Italian and English is essential;
- Availability for missions abroad;
- 2+ years of professional experience in ICT Risk Management, Security Governance and security framework assessment in international firms, within the financial or technology industry (Big 4 desirable);
- Experience in the following positions would be beneficial: Cybersecurity and Risk Advisory, ICT Project & Program Management, Risk & Control Evaluation, IT Security Governance;
- Strong knowledge of international security standards, regulations and best practices (e.g. COBIT, ISO family, NIST Cybersecurity Framework, DORA, NIS2, ...) and the ability to concretely apply those standards and principles to the ongoing business;
- Knowledge of data protection and payment-sensitive data rules and principles, with particular reference to GDPR, PCI and PSD2;
- Other soft skills: flexibility, problem-solving, initiative, focus on results, oral and written communication.

Additional non-mandatory skills to be considered a plus for the position:
- Experience with forensic auditing and professional certification (e.g. CIA, CISA, CRISC, LA ISO27001);
- Master in Cyber Security.

We are looking for someone with the ability to face complex processes and autonomously manage internal/external customer relationships with a consulting approach.
Why should you apply?
Excellent growth and advancement opportunities, challenging environment and international context.