Information Security Officer (ISO)
The Local ISO is responsible for implementing and maintaining the Information Security Management System in accordance with Group policies and regulations, as well as Italian laws and regulations regarding the information security. The Local ISO acts as a point of contact with the Group for all information security matters within the Italian branch.
Requirementsdegree in Computer Science, Engineering or significant experience in the role
at least 3 years of experience in information security roles, preferably in the financial or debt collection sector and in international groupsbasic technical knowledge of most common security tools (firewalls, intrusion detection systems, endpoint protection, MFA, IAM, PAM, )
experience in cloud and hybrid cloud risk assessment and mitigation
excellent communication and relationship management skills, good experience with connecting business and IT
fluent in Italian and English
in-depth knowledge of information security standards, like ISO27001, and familiarity with data protection laws and project management basics- willingness to engage in IT security audits.
awareness of ISO27001, DORA, NIS Security Guidelines, and other security standards
Desirable: Certifications in information security (CISSP, CISM, CISA) are a plus
Experience in ISO 27001 certification
Responsibilities
Cooperate with other security functions (DPO, Risk Management Units, IT Infrastructure Dept.) to manage local technology compliance, monitoring and ensuring that IT activities and systems comply with internal and external information security requirements.
Supporting Risk Owners in managing information security risk and overseeing their activities.Conducting internal and external controls in the area of cybersecurity
Assessment of the business partners under the Security perspective
Assessment of new software and applications under the Security perspective
Identify, assess and agree on needed actions to mitigate information security risks, check the effectiveness of the controls put in place
Reporting local security level through Key Risk Indicators
Organizing and conducting local educational and training initiatives aimed at increasing employee awareness and competencies in information security.Supervising compliance with local regulations, monitoring and ensuring that operations and procedures in the local unit comply with local information security regulations.
Participate in the definition of Group Security Standards, integrating them to local needs
Manage and respond to security incidents in a timely and effective manner, in collaboration with the Group security team and other local security functions (DPO, Risk Management Units, IT Infrastructure team).