Within the Group IT Operations Security Risk unit, we are looking for a Cyber Risk Specialist able to design, implement, and steer the Cyber Security Risk Management Framework, targeting high-level and high-impact cyber threats, with the aim of enhancing the Generali Group IT Security posture.
This position is a critical role within a small team of highly skilled resources at the Group Head Office, with the primary objective of ensuring the robustness of Generali's cyber defenses.
The Cyber Risk Specialist performs risk evaluation on Generali's IT assets, working with both technical and business professionals.
The Specialist must be able to manage complex business, IT, and Information Security processes, assess the implications of current and emerging cyber threats, and recommend corrective actions where needed.Key responsibilities of the role will include:Design and apply cyber security risk management principles and methodologies to ensure that such risks are identified, managed and reported at Group level and in Assicurazioni GeneraliIdentify and analyze cyber threat landscape and sources/scenarios to be considered in the risk analysis, quantifying likelihood and impact associatedConduct specific assessments on first-line business applications, systems and processes according to an established Generali Group methodologyPerform the relevant reporting on cyber security risk to the required functionsAnalyze existing cyber security risk mitigation strategies / controls and assess their effectivenesscoordinate and monitor the cyber security risk guidelines / processes adoption and assessment execution across the whole GroupRequirementsOur ideal candidate will meet the following requirements:Risk Analysis experience – preferably with NIST, ISO frameworkA robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulationUnderstanding how cyber risk impacts business objectivesAbility to understand business and technical implicationsKnowledge of cyber threat vectors, both generally and sector-specificKnowledge of current regulatory requirements in terms of cyber risk managementKnowledge of current cyber threat trends and approachesKnowledge of cyber risk impact on emerging technologies, such as Internet of Things (IoT), advanced data analytics / machine learning / Artificial Intelligence (AI), block chain / digital currency / distributed leger technologyA good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authenticationKnowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniquesKnowledge of cyber risk estimation methodology and toolSoft skills:Strong operational focus, ability to drive topics and deliver results even under pressure and time constraintsSuperior communication / presentation skills and ability to manage a wide array of different stakeholdersAn inquisitive, or problem-solving, mindsetStrong Team playerEducation and certifications:Master's degreeInformation security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) are desiredMinimum two /three years of experience in securityCompany ProfileGenerali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies.
At Generali we are transforming our business to deliver on our strategic ambition to become 'Lifetime Partner' for our Customers and Distributors.
#J-18808-Ljbffr