The successful candidate will:
·Plan and design the implementation of all information security (procedural, organizational and technical) countermeasures, collaborating with the local and group functions in order to perform analysis and assessments of IT risk and to define the correct countermeasures to be adopted for minimizing the probability of loss and / or unauthorized access to company data.
·Collaborate on both local and group projects by carrying out the activities necessary to achieve compliance with international / national laws and regulations. Collaborate by defining the implementation of the group's security standards and policies at the local level. Establish and maintain effective relationships with local agencies and institutional bodies involved in security (such as police, intelligence services, trade unions, and so on).
·Design strategies / methods and adopt technologies aimed at managing information and systems within the Company and managing, preserving and destroying classified materials. Plan security activities and define ways to prevent or correct unsuitable situations. Collaborate by implementing the risk assessment activity in order to verify the security of information at a logical level.
·Collaborate by implementing the corporate security policy in compliance with company regulations and objectives. Support in the provision of security services (both directly and by managing suppliers), giving support in the definition of security SLAs and KPIs and monitoring the adequacy of the countermeasures adopted for the protection of information systems from unauthorized access.
·Analyze and report the risks / weaknesses related to the assigned area of competence, with particular regard to safe programming and protection techniques typical of the application layer, in order to suggest adequate and updated solutions / procedures. Provide accurate reporting on statistics, benchmarks, programs and trends related to the assigned area of competence.
- 8-10 years experience as a security tester / programmer.
- Degree in technical-scientific subjects, preferably Computer Science, Computer Engineering, Mathematics or Physics.
- Knowledge of languages and basic programming skills (Java)
- Access control (RBAC / ABAC)
- Identity and access management (IDM / IAM / IAG)
- Information security management
- Knowledge of information security policies / procedures
- Knowledge on prevention / detection of intrusions
- Experience in network security, Head of the certified information system (CISM)
- Knowledge of the corporate security architecture
- Flexibility, conflict management and team management skills, problem solving, analysis and self-control, stress management.