Generali is a multinational player in the global insurance industry, present in more than 50 countries, with 61 million customers and more than 70,000 employees.
The security of customer, employee and commercial partner data, and the continuity of our business services and activities, are among Generali's most important priorities.
The Security Governance Specialist, part of the Group Security Governance unit, supports the oversight of the Group Security strategy by monitoring the implementation of the Security initiatives, projects and programs necessary to improve the maturity level - and, generally speaking, the security posture - of the Group.
He/she will, at Group level, implement a proper Group oversight model and monitor and periodically report KPIs regarding Security, at executive level; define the Group Security Internal Regulations; support the definition and implementation of the security organization and the design of Group Security Strategy itself.
The role also covers Cloud Policy definition and monitoring; finally, he/she will coordinate and support the Group companies in the implementation of the Group Outsourcing Policy and the continuous maintenance of the Outsourcing Policy in Assicurazioni Generali SpA.
The main responsibilities of the Security Governance Specialist will be:
- Support the definition of the Group Security Strategy and related plans
- Design, monitor and periodically report KPIs at executive level, also through effective dashboarding
- Manage the Security posture assessments, based on a leading information Security standard (NIST Framework), in order to evaluate maturity levels at Group level
- Monitor changes in the Security landscape in terms of emerging risks, regulatory compliance, new technologies and cross industry/national Security initiatives, ensuring that Security requirements are in compliance with external and internal regulations
- Monitor the compliance with IT standards, guaranteeing the oversight of the cyber exposure, at Group level
- Perform the relevant reporting to Corporate Bodies and Group Chief Audit Officer function.
Moreover:
- Develop and maintain the Group Internal Regulation framework - related to IT/Cyber Security and Corporate/Physical Security, including the IRs related to Business Continuity and Disaster Recovery, Outsourcing and Cloud - ensuring the coordination and monitoring of the implementation status at local level
- Implement Business Continuity Management in the Assicurazioni Generali perimeter, with the support of Branches BCM focal points
- Coordinate and support the Group Companies in the implementation of the Group Outsourcing Policy
- Manage the Security Project Budget and Portfolio at Group level.
The role implies frequent contacts at an international level with Generali Group companies in the different Countries and Regions where the Group operates.
Must have
- 5-6 years of experience in IT/Cyber Security in international groups or major consulting firms; specific experience in the financial services industry would be a plus
- Degree-level education (Engineering, Computer Science or equivalent)
- Extensive experience in Security governance, IT/Cyber risk management, regulatory compliance (e.g. GDPR) and audit procedures
- Basic technical knowledge of and experience with Cyber Security technologies (like Endpoint protection, Mobile Security, Data Protection, Cloud Security, etc.) and capabilities (SIEM, SOC, CERT, Vulnerability Management, Threat intelligence, etc.)
- Experience as project manager
- Strong knowledge of main Information Security standards and frameworks (ISO27001, ISO22301, ISF, NIST, COBIT, etc.)
Soft skills
- Proactivity and independence in doing activities and making decisions
- Advanced problem solving, analytical and communication skills
- Demonstrated ability to work effectively as part of a team
- Ability to work in large international security projects