Cyber Risk Specialist

Within the Group IT Operations & Security Risk unit, we are looking for a Cyber Risk Specialist able to design, implement, and steer the Cyber Security Risk Management Framework, targeting high-level and high-impact cyber threats, with the aim of enhancing the Generali Group IT Security posture. This position is a critical role within a small team of highly skilled resources at the Group Head Office, with the primary objective of ensuring the robustness of Generali's cyber defenses. The Cyber Risk Specialist performs risk evaluation on Generali's IT assets, working with both technical and business professionals. The Specialist must be able to manage complex business, IT, and Information Security processes, assess the implications of current and emerging cyber threats, and recommend corrective actions where needed.

Key responsibilities of the role will include:

• Design and apply cyber security risk management principles and methodologies to ensure that such risks are identified, managed and reported at Group level and in Assicurazioni Generali.
• Identify and analyze cyber threat landscape and sources/scenarios to be considered in the risk analysis, quantifying likelihood and impact associated.
• Conduct specific assessments on first-line business applications, systems and processes according to an established Generali Group methodology.
• Perform the relevant reporting on cyber security risk to the required functions.
• Analyze existing cyber security risk mitigation strategies / controls and assess their effectiveness.
• Coordinate and monitor the cyber security risk guidelines / processes adoption and assessment execution across the whole Group.

Requirements

Our ideal candidate will meet the following requirements:

• Risk Analysis experience – preferably with NIST, ISO framework.
• A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation.
• Understanding how cyber risk impacts business objectives.
• Ability to understand business and technical implications.
• Knowledge of cyber threat vectors, both generally and sector-specific.
• Knowledge of current regulatory requirements in terms of cyber risk management.
• Knowledge of current cyber threat trends and approaches.
• Knowledge of cyber risk impact on emerging technologies, such as Internet of Things (IoT), advanced data analytics / machine learning / Artificial Intelligence (AI), blockchain / digital currency / distributed ledger technology.
• A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication.
• Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques.
• Knowledge of cyber risk estimation methodology and tool.

Soft skills:

• Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints.
• Superior communication / presentation skills and ability to manage a wide array of different stakeholders.
• An inquisitive, or problem-solving, mindset.
• Strong Team player.

Education and certifications:

• Master's degree.
• Information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) are desired.
• Minimum two / three years of experience in security.