The role is part of the Cyber Security function, the candidate will be responsible for supporting the area in the adoption, management and evolution of corporate solutions in the Cyber Risk management topics and will collaborate with the corporate structures to conduct risk assessment and directing risk monitoring plans and related remediation.
Main responsibilities:
- Implement a risk-based approach to prioritize development of secure patterns for high-risk assets or activities
- Update Sky risk management process in accordance with best practices, regulations and Sky Policy
- Cooperation with the group structures for cyber risk management activities
- Use of the corporate cyber risk management platform to manage the cyber risk register
- Continuously update the risk management process in accordance with best practices and with company Policy
- Management of Exceptions process to policies, standards and guidelines
- Monitoring and reviewing security controls to identify their operational effectiveness
- Facilitate audits and remediations of any findings noted in cyber security department
- Support on cyber security compliance on GDPR, NIS2 and PCI/DSS
- Cyber risk posture reporting to SKY management and Committee
- Development of visual dashboards that board directors can use to monitor risk
- Control of the effectiveness of the metrics adopted
Requirements:
- Proved experience in similar roles, gained in consulting companies and / or large companies in the ICT sector in relation to cyber risk management projects
- Master degree in Computer Science or Telecommunication Engineering
- Knowledge of the landscape of norms and standards in the privacy / information security field (HIPAA, NY DFS, GDPR, CCPA, ISO / IEC 27000, NIST, PCI DSS, etc.)
- Knowledge of the main Risk Management / Control Frameworks (COSO, COBIT, ISO, ITIL, NIST, FAIR, etc.)
- Able to articulate cyber risk management concepts to a wide range of recipients
- Excellent knowledge of cyber risk management tools and experience in using some of them.
- Excellent understanding of ICT services and architectures
- The achievement of CISSP, CISA, CISM, SANS GIAC certifications will be considered a preferential title.
- Languages: Italian, English
Soft skills:
- Excellent verbal and written communication skills
- Ability to constructively and proactively interact with all the stakeholders, respecting the work needs and the role of each.
- Flexibility, autonomy, speed; proactive and highly assertive candidate, with a strong goal orientation.