IT & Transformation

The SIEM & Security Detection unit of Generali Operations Service Platform S.r.l. (GOSP) is responsible for the development, management and evolution of the Generali SIEM architecture, the related integration of IT log sources, and the implementation of the detection strategy, so that adverse security events are detected and reacted to effectively.

The unit reports directly to the head of the Cyber Security department of GOSP and is responsible for managing the Generali SIEM platform for more than 20 legal entities of the Group, distributed across different time zones.

Close cooperation with the Security Operation Center, the Incident Response team and the main IT departments is required to ensure effective coordination of all the main stakeholders involved in the prevention, detection and response processes.

As Head of SIEM & Security Detection you will be in charge of defining the SIEM strategy of GOSP, proposing technological evolution and the adoption of new solutions/applications to improve the detection capability of GOSP. Moreover, you will be responsible for the end-to-end administration of the GOSP SIEM, from basic installation and configuration up to log source integration, involving the required IT units of GOSP.

Close cooperation with the Group Head Office Cyber Security departments, the GOSP Incident Response team and the Security Operation Center is also required for the definition and review of detection use cases and the related correlation rules, to guarantee that the GOSP SIEM is always up to date in terms of detection capabilities.

As part of the Group Security Strategy of Generali you will be required to extend the SIEM service to new Group legal entities that will be onboarded over time. In this context your primary activities will be: the design of the integration method and the related SIEM architecture to be implemented both at local and GOSP level; the definition of the team sizing required to achieve the SIEM integration and to maintain the system over time; and the implementation and maintenance of the correlation rules needed to ensure adequate detection capabilities for all GOSP customers.

 

Main Tasks:

  • Oversee and support the continuous improvement of the SIEM platform, related processes, and organization 
  • Define the SIEM roadmap and the architectural improvements required to keep the platform up to date and capable of guaranteeing adequate IT performance and detection capabilities according to Group guidelines 
  • Act as the main counterpart for the SIEM extension to new Group legal entities, by collecting local requirements and identifying the most fitting SIEM architecture to be implemented to effectively establish the SIEM service for new customers 
  • Define the security requirements in terms of logging events for the main IT platforms in scope; promote the adoption of such requirements towards all IT stakeholders for an efficient and effective log collection 
  • Implement and maintain adequate monitoring of the SIEM infrastructure and related log sources, ensuring that the SIEM service is always up and running and that log sources are consistently sending logs to the platform 
  • Cooperate in the definition of relevant security use cases to improve the detection effectiveness of the SIEM over time, by establishing a continuous improvement process within the SIEM team involving the main Cyber Security stakeholders (Incident Response team, SOC, etc.) 
  • Establish close alignment with the Security Operation Center for continuous review of the service provided and of the managed offences 
  • Define monthly and ad-hoc reporting to share with the GOSP CSO and main stakeholders to monitor and measure the effectiveness of the SIEM platform 
  • Coordinate the team and keep it engaged over time for effective delivery of the unit mission 

 

Requirements:

  • Degree in Computer Science, IT Security, or equivalent work experience in Information Security 
  • Minimum 5-8 years of experience in the Cyber Security area 
  • Previous management experience leading a SIEM team and related IT solutions  
  • Experience working in and leading within a Security Operations Center 
  • Experience with IBM QRadar administration and integration 
  • Intermediate English (at least CEFR B1, written/spoken) 
  • Availability to travel occasionally in Europe 
  • Direct experience in international organizations 
  • Demonstrated success in implementation of SIEM solutions in multi-country-based organizations 

 

Skills

  • Ability to implement processes and technologies that make efficient use of the SIEM and collected data for the purposes of security detection 
  • Capable of defining security use cases and correlation rules to enable the SIEM to detect new cyber threats 
  • Ability to manage 3rd party partners to meet SLAs and commitments 
  • Results-oriented cross-functional leadership with proven success partnering with internal and external stakeholders 
  • Excellent interpersonal communication, project management and leadership skills; must be able to communicate effectively with all levels of the organization 
  • Ability to efficiently achieve security requirements in an effective partnership with the independent teams responsible for system administration and software development 
  • Attention to detail with flexibility in addressing changing requirements 
  • In-depth knowledge of security concepts such as cyber attacks and techniques, threat vectors, risk management, incident management, etc. 
  • Experience in threat management 
