Security Governance – Security Adviser

Apply website

Send CV
 Mogliano Veneto      2/20/2020


GSS provides shared services to the Generali Group companies having the Head Office in Italy and 5 branches in other European countries with a total staff of about 1.000 people.

The “Security Controls & Reporting” Unit is located in the Security Governance Department of the Chief Security Officer Division of Generali Shared Services.
The Unit is responsible for planning, preparing and carrying out activities aimed at ensuring that processes and activities affecting the information security management system are performed according to the international/local regulations and to internal policies, guidelines and technical measures. It is also in charge of monitoring security activities in terms of metrics, statistics, KPI and of checking the company's posture against relevant security certifications.

In details the unit has the main responsibility of:
• Act as a focal point for audit and controls on GSS Information Security Management System
• Ensure the good standing of the ISMS, supporting the compliance to ISO27001 and reglar review to ensure process effectiveness.
• Ensure the good standing of the ISAE3402 compliance.
• Support during internal, thematic, advisory and external audit activities.
• Facilitate reporting capabilities & define accompanying processes to provide sufficient information to create reports on target technology.
• Enlargement and regular delivery of metrics, statistics and KPI for Security.

The Security Adviser, reports to the Head of Security Controls & Reporting and will:
• Support internal and external audits activities over the GSS Countries (i.e. ISO27001, ISAE3402, 262 Law).
• Support the budgeting, planning and implementation of periodic activities concerning controls of posture against the compliance to security standards adopted time by time.
• Enlarge and improve the evaluation of scope extensions of internal control system in terms of process, technical environment, controls and country perimeter.
• Extend and support the evaluation and assessment of new certifications, with the purpose of improving assurance objectives (i.e. ISO 22301, ISO 27000 family).
• Develop and collect meaningful information in order to provide the interested internal and external stakeholders with measures, statistics and KPI, through regular reporting tools and on-demand queries.

Supports the following activities:

• Definition and planning of the internal assessment plan.
• Preparation a plan document to schedule and perform Security Risk Assessment to detect potential risks over the IT system.
• Recording of security-related issues detected from testing and/or auditing activities.
• Maintainance of records of security issues according to the corresponding remediation activities and follow up.
• Preparation of reporting in order to keep the management regularly informed about the remediation status.
• Review regularly the scope of existing assessments and certifications.
• Review regularly security assessment criteria and evaluate new certifications.
• Facilitatation and implementation of different audits activities and communication within the team.
• Collection of information in order to deliver periodic reporting on the most relevant security trends.
• Definition of new security indicators and adapt existing ones in order to provide the internal management and customers with a meaningful set of security metrics over time.
• Improvement of the KPI set and development of a process and protocol in order to exchange data with/from other data sources.
• Increasing security awareness on ICT systems in other Departments

The ideal candidate will fmeet the following requirements:
• Degree in computer science and/or several years of IT professional experience.
• Fluent English (at least CEFR B2, written/spoken).
• Good knowledge of ISMS and ISO27001
• At least one Certification in Security area, more preferred UNI ISO/IEC 27001 Lead Auditor, ISACA CISA, COBIT5/COBIT2019, ITIL.
• Fundamentals knowledge of:
o Risk Assessment.
o Data Protection.
o Disaster Recovery & Business Continuity.
o Security Assessment.
o Cyber Security principles.
o Knowledge inPhysical and Cooperate Security would be a plus

• Strong passion on security.
• Ability to work in a large international organization, multicultural contexts and to deal with different local scenarios.
• Analytical and effective communication skills.
• Interpersonal relations management skills in an international environment.
• Demonstrated ability to work effectively as part of a team, sharing knowledge.
• Conflict management skills.
• Proactivity.
• Basic knowledge in Project Management will be appreciated.
• Availability to travel (mostly Europe)


Non specificato




Degree with Honours