Information Security Officer (Specialist)

The Local ISO is responsible for implementing and maintaining the Information Security Management System in accordance with Group policies and regulations, as well as Italian laws and regulations regarding the information security. The Local ISO acts as a point of contact with the Group for all information security matters within the Italian branch. Requirements degree in Computer Science, Engineering or significant experience in the role at least 3 years of experience in information security roles, preferably in the financial or debt collection sector and in international groups basic technical knowledge of most common security tools (firewalls, intrusion detection systems, endpoint protection, MFA, IAM, PAM, ) experience in cloud and hybrid cloud risk assessment and mitigation excellent communication and relationship management skills, good experience with connecting business and IT fluent in Italian and English in-depth knowledge of information security standards, like ISO27001, and familiarity with data protection laws and project management basics willingness to engage in IT security audits. awareness of ISO27001, DORA, NIS Security Guidelines, and other security standards Desirable: Certifications in information security (CISSP, CISM, CISA) are a plus Experience in ISO 27001 certification Responsibilities Cooperate with other security functions (DPO, Risk Management Units, IT Infrastructure Dept.) to manage local technology compliance, monitoring and ensuring that IT activities and systems comply with internal and external information security requirements. Supporting Risk Owners in managing information security risk and overseeing their activities. Conducting internal and external controls in the area of cybersecurity Assessment of the business partners under the Security perspective Assessment of new software and applications under the Security perspective Identify, assess and agree on needed actions to mitigate information security risks, check the effectiveness of the controls put in place Reporting local security level through Key Risk Indicators Organizing and conducting local educational and training initiatives aimed at increasing employee awareness and competencies in information security. Supervising compliance with local regulations, monitoring and ensuring that operations and procedures in the local unit comply with local information security regulations. 10. Participate in the definition of Group Security Standards, integrating them to local needs 11. Manage and respond to security incidents in a timely and effective manner, in collaboration with the Group security team and other local security functions (DPO, Risk Management Units, IT Infrastructure team) What We Offer: Temporary Contract Hybrid work model (up to 75% on a monthly basis). Benefits such as corporate welfare and meal vouchers. International work environment. Numerous training and development opportunities J-18808-Ljbffr

Location: la-spezia, IT

Posted Date: 6/16/2025