It Security Governance Specialist trieste

It Security Governance Specialist
Trieste
Friuli Venezia Giulia, trieste

The IT Security Governance Specialist, part of the IT Security Governance unit, supports group cyber security strategy oversight through the monitoring of the implementation of the Security initiatives, projects and programs necessary to improve the security posture of the Group, in line with the organization's risk appetite.

In addition he/she will support the definition and implementation of the security organization, of the security strategy and of security regulation at Group level.

Key responsabilities of the role will include:

- Defines the Group cyber security strategy and regulation (policies, guidelines) related to IT/Cyber Security

- Establishes adequate security organization at Group level

- Coordinate, support and monitor the status of implementation of Group strategy and regulation at local level

- Support and monitor the status of implementation of Group strategy and regulation at local level preparing periodic executive reports and KPI reports

- Establish and maintain a strong Project Portfolio Management tool, as well as monitor the progress, issues, risks and costs of the security initiatives

- Manage security audits and compliance with regulation about security

- Manage security assessments, based on leading information security standard (NIST Framework), at Group level in order to evaluate maturity levels

- Ensure adoption of security measures in new solutions according to the security by design principle

- Ensure adequate alignment at Group level about security activity

- Monitors changes on the security landscape in terms of emerging risks, regulatory compliance, new technologies and cross industry/national cyber security initiatives

The role implies frequent contacts at an international level with Generali Group companies in the different countries and regions where the Group operates.

**Must have

- 6 years of experience in IT/Cyber Security in international group or major consulting firms

- Degree-level education (Engineering, Computer Science or equivalent)

- Extensive experience on information security governance, IT risk management, regulatory compliance (e. g.

GDPR) and audit procedures

- Basic technical knowledge and experience on security technologies (like Endpoint protection, Mobile Security, Data Protection, Cloud Security, etc. )

and on cyber security capabilities (SIEM, SOC, CERT, Vulnerability Management, Threat intelligence etc.

)

- Experience as project manager

- Strong knowledge of main Information Security standards and framework (ISO27001, ISO22301, ISF, NIST, COBIT etc )

- Ability to work in large international security projects

- Advanced problem solving, analytical and communication skills

- Demonstrated ability to work effectively as part of a team

- Excellent written and oral English language skills

**Nice to have

- Specific experience in financial services industry would be a plus

- Certifications on Information Security (e. g.

CISSP, CISM, ISO27001, CISA, ISO22301, GSEC, CEH, CSX etc. )

would be a plus