ICT & Cyber Risk Specialist


Job Description
For the GOSP Risk Unit of the Enterprise Risk Management department we are looking for an ICT & Cyber Risk Specialist.

The ICT & Cyber Risk Specialist is a passionate professional with a strong technical background in the digital ecosystem.

Job practice domains:

  • Identification of weaknesses that might lead to risks in the areas of ICT infrastructure and cyber security
  • Risk identification, assessment, evaluation, response and monitoring through:
      • ICT asset lifecycle (from demand, projects and changes up to End of Support risk)
      • Security testing reports: vulnerability scanning, penetration testing, TLPT, early warning
      • Ad-hoc risk assessments on technologies (e.g. AI, Cloud, IoT…)
      • Meetings with stakeholders
  • Support the definition of remediation plans and related mitigation actions, monitoring their implementation
  • Report on ICT & Cyber risks
  • Involvement in local and Group strategic programs

Key activities:

  • Assess the current ICT and Cyber technical posture of the Company, with particular focus on infrastructure (network, OS, storage, virtualization, backup), to identify potential risks and weaknesses
  • Support the identification of potential risks within key ICT & Cyber activities:
      • Digital transformation and business projects
      • ICT asset lifecycle
      • Security testing (e.g. penetration tests, vulnerability scanning, BCM & DR plans)
  • Act as an SME on technical topics to support local ICT & Security departments in both tactical and strategic initiatives
  • Give advice on ICT projects to foster a risk-based approach to infrastructure evolution
  • Act as an SME on ICT & cyber incidents
  • Support regular updates of methodologies, tools and documentation for continuous improvement
  • Support regular alignment with all Legal Entities involved in ICT & Cyber Risk activities and with other functions
  • Report the ICT & Cyber risk exposure of the Company at local and Group level

The ICT & Cyber Risk Specialist is closely aligned with the Head of Enterprise Risk Management and with Group Risk functions. He/she interacts regularly with the Company’s Risk owners and with the Operational Risk Management of Group Legal Entities.

Our ideal candidate will meet the following requirements:

  • Bachelor’s degree in Computer Science, Mathematics, Engineering, or equivalent experience in IT and/or Cyber security fields
  • Experience in technical roles in ICT or Cyber areas, like sys/network admin, ICT architect, security specialist
  • Good understanding of infrastructure architecture and best practices
  • Good knowledge of ICT and cyber security
  • Good understanding of ICT service management
  • Knowledge of international standards (ISO 31000, COBIT 2019, ITIL v4, ISO 2700x, PMI)
  • Knowledge of qualitative and quantitative risk methodologies
  • Project management skills
  • One or more of the following professional certifications is required: CISA, CISM, CGEIT, CRISC, ISO27001 LA, COBIT 2019 Foundation, CSX Fundamentals, CSX Practitioner, ITIL v4 Foundation, CIA, CRMA, PMI
  • Fluent English; another European language is a plus

Soft skills:

  • Strong listening and mediation/negotiation skills
  • Problem-solving and analytical skillset
  • Communication skills and ability to manage a wide array of different stakeholders
  • An untarnished reputation for integrity
  • Proactivity to drive qualitative results
  • A global mind-set