📁
IT & Transformation

As the governance function of the Chief Security Officer (CSO) division of Generali Operations Service Platform (GOSP), the Head of Security Governance will report directly to the CSO and will interact closely with the other CSO departments as well as with other divisions and departments of GOSP. The Head of Security Governance will also have direct contact with the customer Chief Information Security Officers (CISOs) to collect demand requirements, report monthly KPIs and statistics, and discuss security strategy.

The Head of Security Governance will be responsible for establishing, maintaining, and evolving over time the governance framework for the CSO division of GOSP, overseeing customer relationship management, security controls and reporting, strategy definition, security advisory, business continuity, disaster recovery and crisis management.

 

The Security Governance department is composed of 3 units, structured as follows:

  • Security Controls & Reporting: responsible for periodical reporting, KPIs and external certifications, Audit & Compliance support
  • IT Standards & Projects: support GOSP project initiatives to ensure compliance with security policies and guidelines, maintain and develop the GOSP security process and procedures, support definition of the GOSP security strategy
  • BC & DR Management: responsible for Business Continuity, Disaster Recovery processes, as well as yearly BIA review and DR tests

 

Main tasks:

  • Establish and maintain over time the CSO Strategic plan, defining security strategic initiatives in cooperation with the main CSO departments and integrating Group strategic guidelines
  • Keep the CSO process library, policies and guidelines up to date, ensuring continuous compliance with Group regulation, local legislation, and customer requirements
  • Establish an effective security control, monitoring and reporting process for periodical reporting both to customer CISOs as well as GOSP stakeholders, highlighting main security trends and activities conducted by the CSO area
  • Guarantee a yearly review and re-assessment of main ISO / ISAE certifications for GOSP branches
  • Establish a security validation process to effectively validate GOSP project initiatives, ensuring security requirements and guidelines are considered and embedded in each project, and evaluating where CSO support is also required to properly support the subsequent project implementation activities
  • Establish a periodical project committee for the CSO area to keep track of the expenditure approval and related CSO projects
  • Maintain an overall view over CSO budget and expenditure process
  • Define and maintain the CSO service catalogue, adjusting it over time according to the new services and technologies adopted and offered by GOSP to its customers
  • Define and maintain over time the GOSP Business Continuity & Disaster Recovery strategy and procedures, ensuring a tight alignment with the main GOSP customers
  • Plan, coordinate and execute yearly DR tests to prove the resilience of the BC/DR plans, involving all needed GOSP technical areas as well as relevant customer stakeholders
  • Perform a yearly review of GOSP BIA interacting with the main process / service owners
  • Increase security awareness on ICT systems and BCM/DR of the company
  • Establish the GOSP crisis management process following the Group guidelines
  • Ensure compliance and manage security audit activities
  • Guarantee the adoption of the physical security requirements defined by GHO with regard to Data Center and on premises, in collaboration with GOSP Facility Management and Facility Service Providers of buildings

 

Requirements:

  • Degree in Computer Science / Economics / Business Administration or equivalent work experience in similar positions
  • Minimum 5 years of experience in managerial positions
  • Solid IT and Security knowledge foundation
  • Knowledge of the main Cyber Security frameworks such as NIST, ENISA
  • Familiar with ISO 27001 and ISAE3402 certifications
  • Proficient English (at least CEFR B2, preferred C1, written/spoken)
  • Previous experience in a leadership position with coordination of international teams and resources
  • Direct experience in international organizations
  • Proven success in customer management and handling of complex situations
  • At least one certification in the Security area, more preferred: ISO/IEC 27001 Lead Auditor, ISACA CISM, ISACA CISA, (ISC2) CISSP, COBIT5/COBIT2019, ITIL

 

Skills:

  • Excellent interpersonal communication, project management and leadership skills. Must be able to communicate effectively with stakeholders and customers
  • Results-oriented, cross-functional leadership with proven success partnering with internal and external stakeholders
  • Attention to detail with flexibility in addressing changing requirements
  • Excellent at preparing reports and presentations, as well as at presenting them
  • Very good analytical skills
  • Good experience in finance management and planning
  • Able to work in a complex and international environment
  • Able to keep all team members working in remote locations committed and motivated

 

Nice to have:

  • Availability to travel occasionally within Europe

 
