Generali, uno dei principali attori nel settore assicurativo globale, ricerca un Cyber Security Analyst per l’area IT Operations & Security Risk del Gruppo.
Description
Within the Group IT Operations & Security Risk area we are looking for Cyber Security Analyst. Cyber Security Analyst able to design, implement and steer the Cyber Security Risk Management Framework targeting the high level, high impact Cyber related threats with the aim of enhancing the Generali Group IT Security posture. The position is a critical role within a small team of high skilled resources in the Group Head Office with the primary objective of ensuring the robustness of the Generali Cyber defenses. The Cyber Security Analyst has to perform risk evaluation on Generali IT Assets working with both technical and business people. The Analyst must be able to deal with complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed. Cyber Security Analyst has to develop Awareness and Training Security program, initiatives and contents for all the companies in the Generali Group with the objective to improve the security posture of the Group.
Key responsabilities of the role will include:
- Apply cyber security risk management principles to conduct quantified assessment of first line business applications, systems and processes according to an established Generali Group methodology
- Establish scope of analysis and define analysis success parameters
- Collect relevant data points and guide local IT Security managers with calibrating input ranges
- Review results to identify potential outlier data inputs, identify potential cyber threats, analyze the risks and recommend controls based on the analysis results
- Analyze existing cyber security mitigation strategies / controls and assess their effectiveness
- Writing detailed reports containing findings, observations and recommendations
- Identify and analyze cyber threat scenario to be considered in the risk analysis
- Define program and initiatives of security awareness and training for the Generali Group
- Develop contents and assets to be used in all companies of Generali Group for security training, awareness campaign, phishing simulation activities, cyber crisis simulation, top manager security induction, etc.
Qualifications
Our ideal candidate will meet the following requirements:
Must have
- Master’s degree
- Information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) are desired
- Minimum two /three years of experience in security
- Risk Analysis experience – preferably with NIST, ISO framework
- A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation
- Understanding how cyber impacts business objectives
- Ability to understand business and technical implications
- Knowledge of cyber threat vectors, both generally and sector-specific
- Knowledge of current cyber threat trends and approaches
- Architecture, topology, ports and protocols, services
- Knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology
- A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication
- Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques
- Knowledge of cyber risk estimation methodology and tool
Nice to have
- Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints
- Superior communication skills and ability to manage a wide array of different stakeholders
- An inquisitive, or problem-solving, mindset
- Strong Team player
Primary Location: Italy-Trieste
Contract Type: Permanent
