Operates in close cooperation with local Information Security Officer (ISO) and with Head Office in order to ensure the definition of the objectives for the Cybersecurity and Business Continuity Programs and monitors compliance with such objectives.
Specific accountabilities of the Information Security Specialist in support of the local ISO:
• Oversight the state of information security and cybersecurity for the Branch and provides periodic reports (at least annually) on the state of information security to Top management
• Adopt, implement and update Cybersecurity policies, rules, processes and procedures in line with Head Office regulatory Framework
• In reporting to the Top management, considers to the extent applicable the confidentiality of Non-public Information and the integrity and security of Information Systems, the cybersecurity policies and procedures, the material cyber risks, the overall effectiveness of information security and cybersecurity program and possible material cybersecurity events involving the Branch
• Work strategically with Head Office to ensure that all aspects of information security and cybersecurity are properly monitored, and that security projects and tasks are properly coordinated
• Perform continuous monitoring of Information Security and Cybersecurity programs to ensure compliance with objectives, policies and procedures
• Identify and evaluate changes in local regulations, as well as trends in the Information Security and Cybersecurity marketplace, such as new products, new attacks and new countermeasures for applicability inside the Branch's environment
• Ensure the local execution of Business Continuity activities, including periodical Business Impact Analysis, tests and reporting, in line with Group model
• Work with information owners in business units to determine appropriate security objectives for securable resources.
• Monitor network activity for malicious activity
• Monitor and evaluates vulnerability reports, vendor hot-fixes, and vendor patches for applicability to deployed technologies
• Monitor the process of creating, changing, or removing user access across all systems
• Monitor the access control program. Ensure that all appropriate documentation pertaining to the recording of account creations, deletions, and permissions are correctly maintained and approved
• Implement the Cybersecurity and Business Continuity Training Programs
Minimum 7 years in the cybersecurity and business continuity management environment, preferably in a Financial Institution.
• Bachelor’s in computer science, Information Technology or related field
• Master's degree a plus
• CISSP / CISM certification preferable
• Must display subject matter experience in application security, vulnerability testing and system testing
• Solid background in assuring high level of Information Security management and Business Continuity management in an organization
• I.T./lnfo/Cyber Security risk management experience and direct participation in related risk management processes, including application risk classification and application control assessments
• Knowledge of financial industry products and related IT platform, a plus
We are the leading banking group in Italy and one of the Top Tier in Europe. Join us and be part of our successful story!
With over 20 million customers in Italy and abroad, we are a true engine of sustainable growth, with a strong commitment to the environment and a tangible impact on society. People are our driving force. We take care of them and foster an inclusive culture where everyone feels valued and empowered.
Join an international and innovative Group. Don't wait for the future, choose it!
#sharingfuture
We guarantee an inclusive and equal environment. We will consider all applicants regardless of race, religion, sexual orientation, gender identity, marital status, national origin, age, disability, or any other protected category in compliance to D.lgs. 198/2006, 215/03 and 216/03.
For the evaluation of the application, the data will be processed by Intesa Sanpaolo S.p.A. as Data Controller. We invite you to review the dedicated Privacy Information Notice for more details.
Intesa Sanpaolo è il maggior gruppo bancario in Italia con una significativa presenza internazionale. Il suo business model distintivo la rende leader a livello europeo nel Wealth Management, Protection & Advisory e ne caratterizza l’orientamento al digitale. I’impegno in ambito ESG prevede, entro il 2025, €115 miliardi di finanziamenti impact e contributi per 500 milioni a supporto delle persone in difficoltà. Gallerie d’Italia, è la sede espositiva del patrimonio artistico della banca e di progetti artistici di riconosciuto valore.
https://group.intesasanpaolo.com/it/
_______________
Intesa Sanpaolo is the largest banking group in Italy with a significant international presence. Its distinctive business model makes it a European leader in wealth management, protection and advisory and ensures its strong focus on digital. Its commitment to ESG foresees, by 2025, €115 billion of impact financing and contributions of €500 million to support people in need. Gallerie d'Italia, is the exhibition venue for the bank's artistic heritage and artistic projects of recognised value.
https://group.intesasanpaolo.com/en/
_________________
Sede Legale: Piazza San Carlo 156, 10121 Torino – Sede Secondaria: Via Monte di Pietà 8, 20121 Milano Tel. 011 555.1 – mail: info@intesasanpaolo.com
pec: info@pec.intesasanpaolo.com
Registro delle Imprese di Torino e Codice Fiscale 00799960158 – Partita Iva 10810700152
N. Iscr. Albo Banche 5361
N. Iscr. Registro degli Intermediari
Assicurativi e Riassicurativi - Sez. D. 000027210, data di iscrizione 01.02.2007 - Intermediario soggetto alla vigilanza dell'IVASS: https://servizi.ivass.it/RuirPubblica
Per la presentazione dei reclami e eventuali sistemi di risoluzione delle controversie https://www.intesasanpaolo.com/it/persone-e-famiglie/reclami.html.
Per assistenza: https://www.intesasanpaolo.com/it/common/parla-con-noi.html.
Netiquette: https://www.intesasanpaolo.com/it/common/landing/anti-phishing/netiquette.html
