Treviso, Italy

Corporate services


Job Responsibilities

You will join the information & cyber security governance team, inside the Group Legal Department, which is responsible for organization-wide security and governance, risk, awareness, and compliance with industry standards and regulatory requirements.

- Support the development, update, implementation and enforcement of information security governance including policies, baselines and procedures
- Serve as a liaison between business and functional areas and the technology teams to ensure that Information Security policy-related business requirements for protecting data are clearly defined, communicated, and well understood, and considered as part of operational prioritization and planning
- Recommend appropriate security controls according to internal standards and key industry best practices and ensure that such controls operate as intended
- Perform gap analysis with respect to standards and industry regulations, and define the security posture
- Conduct risk analysis and develop corrective action and remediation plans for identified issues, risks, or vulnerabilities
- Analyze regulatory requirements for data protection and support the identification of corrective actions to reach compliance
- Support the development and implementation of information security and cyber-security awareness programs to raise awareness around information security risks and best practices
- Support the information & cyber security incident management and escalation processes and procedures
- Support the cyber security innovation process

Job Profile

- Master's degree in Management Engineering / Computer Information Technology / Computer Engineering
- At least 2–3 years' experience in Information Risk Management, Information & Cyber Security Governance in international groups or major consulting firms
- Knowledge of international standards and best practices in terms of Information & Cyber Security Governance and experience with security practices and solutions (e.g. ISACA, COBIT, ISO27000 family, NIST Cybersecurity Framework, PCI-DSS)
- Knowledge of data security and protection rules and principles, with particular reference to GDPR
- Knowledge of Cyber Security concepts
- Certifications in the field of information, cyber security & risk management are not mandatory but are considered a plus for the position


- Experience in risk management methodologies and procedures
- Ability to work on matters of high sensitivity and confidentiality with both professionalism and discretion
- Ability to work collaboratively with a broad range of constituencies and respond to their needs and collaborate effectively towards solutions
- Fluent knowledge of the English language is essential
- Good analytical skills, flexibility, problem solving, initiative, focus on results, and communication skills, both oral and written
- Excellent adaptability and teamwork
- Ability to understand the business
- Strong sense of commitment
- Reliability
- Proactivity and passion for the world of Information & cyber security