We are the 1st Hub for Developers! Our motto is “From Developers to Developers”! Our vision is to provide real career opportunities for candidates that want to take the next step in their career. Code.Career is the first process in which you will speak with developers (only!) and tech (freak) experts!
Our client is one of the most significant players in the global insurance and financial products market. The Group is the leader in Italy, and the company, founded in 1831 in Trieste, is the Group’s Parent and principal operating Company.
Characterised from the very outset by a strong international outlook and now present in more than 50 Countries, the company has consolidated its position among the world’s leading insurance operators, with significant market shares in Western Europe – its main area of activity – and particularly in Germany, France, Austria, Spain, Switzerland and Central and Eastern Europe.
The Group has – over the last decade – set up offices in the main markets of the Far East, including India and China; in particular, in China, after just a few years of operation, it has become the leader among the insurance companies with foreign equity interests.
Currently they are looking for an Information Security Engineer (GRC) to join the company.
Tasks and responsibilities
The Cybersecurity Risk and Governance Analyst fulfils the following tasks:
● Understands how different cyber risks can affect the organisation’s operations, and prioritises efforts to secure the most vital aspects of the business and minimise potential disruptions, data breaches, noncompliance, financial penalties or reputational damage.
● Assesses the potential impact of cybersecurity risks on critical business processes and functions.
● Aligns cybersecurity risk management with overall business objectives.
● Understands the organisation’s strategic goals and ensures that cybersecurity measures are integrated seamlessly.
● Collaborates with department stakeholders to balance security requirements and the need for business agility, innovation, and growth.
● Understands the financial implications of cyber risk and leverages insurance as a tool to manage residual risks effectively.
● Ensures that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
● Performs cyber risk trend analysis and reporting.
● Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
● Works with stakeholders to communicate business risk and risk mediation in accordance with agreed protection levels.
● Plans and conducts security authorisation reviews and assurance case development for initial installation of systems and networks.
● Reviews authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
● Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations.
● Performs risk analysis (e.g., business impact, and probability of occurrence) whenever an application or system undergoes a major change.
● Builds remediation plans for business risks identified during risk assessments, audits, inspections, etc.
● Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the Generali Hellas mission and goals.
● Responsible for confidentiality of client information and compliance with department standards and procedures.
● Provides knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures.
Requirements
● BS or MA in computer science, cybersecurity or a related field
● 3+ years of experience in an IT audit, enterprise risk management (ERM) role or cyber risk management role
● 3+ years of experience with regulatory compliance, risk management frameworks and information security management frameworks (e.g. ISO 27000, NIST CSF, NIST Risk Management Framework, ISO 27005, etc.)
Desired, but not required:
● Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
Technical and Business Experience
● Experience communicating complex technical concepts to non-technical audiences.
● Experience with cybersecurity principles and practices, including risk management, security controls, and incident response.
● Experience with cybersecurity frameworks and standards, such as the NIST CSF and ISO/IEC 27001.
● Strong background in conducting Business Impact Analysis (BIA) to evaluate the potential impact of cybersecurity risk on critical business processes and functions.
● Proven track record in performing Cost-Benefit Analysis of Security Measures, including assessing the cost-effectiveness of cybersecurity measures in relation to potential business losses.
● Expertise in identifying and assessing risks to the organization’s business, focusing on prioritizing efforts to protect vital aspects and minimise disruptions.
● In-depth knowledge of cybersecurity principles and practices, encompassing risk management, security controls, and incident response.
● Experience with relevant security standards and applicable regulations, such as PCI DSS, EU DORA and NIST framework