Il Gruppo Generali ricerca un Cyber Security Risk Analyst per la sede di Milano.
“The Group IT & Operations Risk & Security is in charge of developing the Group Information, IT Security and cyber risks governance, as well as detecting and ensuring the mitigation of IT risks at Group level, in particular, with the responsibility to:
- Set and monitor the IT security standards, architecture and requirements ensuring their implementation, as well as leading and monitoring the response and mitigation of the cyber threats and attacks, in coordination with other relevant Group Functions
- Define the Group IT security governance and supervise its implementation; define the IT security Group policies and guidelines, standardize the IT security processes and harmonize related tools across the Group; lead and monitor the IT security activities at Group level, including those performed by Generali Shared Services
- Manage IT risks through their detection, identification, monitoring, evaluation and mitigation.
Within the Group IT & Operations Risk & Security, the Cyber Security Risk Analyst designs, implements and steers the Cyber Security Risk Management Framework targeting the high level, high impact Cyber related threats with the aim of enhancing the Generali Group IT Security posture. The position is a critical role within a small team of high skilled resources in the Group Head Office with the primary objective of ensuring the robustness of the Generali Cyber defenses. The Cyber Security Analyst has to perform risk evaluation on Generali IT Assets working with both technical and business people. The Analyst must be able to deal with complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.
The Cyber Security Risk Analyst’s main tasks are:
- Apply cyber security risk management principles to conduct quantified assessment of first line business applications, IT systems and processes according to an established Generali Group methodology
- Establish scope of analysis and define analysis success parameters
- Collect relevant data points and guide local IT Security managers with calibrating input ranges
- Review results to identify potential outlier data inputs, identify potential cyber threats, analyze the risks and recommend controls based on the analysis results
- Analyze existing cyber security mitigation strategies / controls and assess their effectiveness
- Writing detailed reports containing findings, observations and recommendations
The ideal candidate will meet the following requirements:
- Risk Analysis experience – preferably with NIST, ISO framework
- A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation
- Understanding how cyber impacts business objectives
- Ability to understand business and technical implications
- Knowledge of cyber threat vectors, both generally and sector-specific
- Knowledge of current cyber threat trends and approaches
- Architecture, topology, ports and protocols, services
- Knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology
- A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication
- Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques
- Ability to develop and evaluate technology policies, technical engineering standards and operational procedures
- Information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) are desired
- Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints
- Superior communication skills and ability to manage a wide array of different stakeholders
- An inquisitive, or problem-solving, mindset
- Strong Team player
- Knowledge of IT GRC technology platforms (RSA Archer is required)
- Contract Type: Permanent”.
Per maggiori informazioni visitare il seguente link: