THE BENEFITS OF WORKING WITH US

The values that guide our behavior and our conscious way of doing business are: integrity, respect, teamwork, innovation, focus on results, and customer-centricity .Becoming part of the Itway team means identifying with this set of values and shared goals.We are always looking for new challenges ,constantly evolving because we are partners with our clients on their digital transformation journey.We are always searching for talents ,and we welcome all spontaneous applications.If you're ready to bring out your talent and join a team that loves turning the ordinary into the extraordinary,send us your CV today THE BENEFITS OF WORKING WITH US We are constantly inspired by the words of our President : “On the ideas of freedom and responsibility we built Itway. Free to choose the best. Free to design the future. Free to be leaders, responsible in standing up for our beliefs. Free and protagonists." We provide our people with continuous and goal-based training to develop new skills, in-house Technology Labs and Solution Center to keep abreast of technologies, Continuous e-Learning platform.We apply Smart Team Working , with strong orientation to team working, based on individual and team goals, inspired by our President's principles of freedom and responsibility, “last but not least” full remote (not mandatory).We experience moments together such as the monthly Work from Office Day, our events with Partners and Customers, to which we add our Stand Up Meetings, 1-to-1 Meetings, Business Update Meetings in hybrid and flexible mode, and Itway Parties CYBER RISK EXPERTS Cyber Security & Resiliency Business Unit THE POSITION We are looking for people with different seniority and experience cross between the domain of Cyber Risk (treated in line with primary regulations DORA, NIS2, GDPR) and the domains of Enterprise Security Architecture and Security Operation and Cyber Defense processes , mainly for financial and critical infrastructure sectors. The Cyber Risk Expert fills a role with differently articulated seniority and responsibilities according to our Role Framework, from Specialist to Principal, and reports to a Service Line Manager “Cyber Risk” or directly to the Service Line Director. YOUR IMPACT IN THE COMPANY AND ON OUR CUSTOMERS Cyber Risk is at the heart of our services and our Clients' business, so your main activities involve Information Risk Management, relevant Compliance in this area and the definition of Information Security Management Systems, as well as their application and declination on Clients' organization, processes and architectures. Your activities include:- Conduct of Cyber Risk Assessment and identification of necessary corrective measures- Risk Analysis and security assessments to identify business assets, information assets, threat exposure, vulnerabilities, and security and operational risks- Compliance Gap Analysis and identification of necessary corrective measures- Assessment of compliance of contracts with suppliers with respect to external regulations and business rules, with particular reference to security aspects - Development and implementation of risk mitigation strategies and operational plans- Drafting and updating of related security policies operational instructions- Definition of security safeguards, consistent with the risk appetite resulting from the analyses- Preparation of security standards and related procedures- Collaborating on the design of security architectures and systems- Specific collaboration on the design and also implementation of Exposure Management, Data Classification and Information Protection architectures and technologies, GRC platforms. Your impact in the company will also be related to the following activities, depending on seniority and responsibility: - Continuous analysis of evolving types of security countermeasures- Ongoing analysis of existing and potential threat types, monitoring their trends- Monitoring changes in Cyber Risk legislation, regulations and standards and frameworks, assessing their impact on proposed services and solutions and on Itway and Customers' organization and developing or evolving frameworks to structure effective governance and operations processes and secure and resilient architectures.- Proactive participation in qualifying project opportunity initiatives, responding to tenders, supporting Sales and Pre-sales activities- Promotion of Cyber Risk services and solutions to Itway and Customer stakeholders. WHO YOU ARE. You have between 2 and 6 years of seniority, accrued on Security Governance, Compliance and Cyber Risk Management, preferably in the financial and critical infrastructure sectors, with varying experience based on seniority in defining, leading, managing complex projects in that area, with particular focus on compliance, remediation, risk mitigation activities both organizational-procedural and architectural and technological. If you have knowledge of Exposure Management, Data and Information Protection technologies, as well as GRC and Risk Analysis platforms, this is a significant plus. You have knowledge of security and business continuity regulations and standards (prioritized by DORA, NIS2, National Cyber Perimeter, and following ISA/IEC 62443, ISO/IEC 22301, ISO/IEC 27001, NIST CSF, CSA STAR, PCI-DSS), deepened depending on seniority, but most importantly demonstrated ability to pragmatically apply these frameworks to organizational contexts, operational processes, security and IT architectures of Clients. Your possible knowledge of artificial intelligence and privacy security regulations and standards (AI ACT, GDPR) is particularly welcome. You possess a high consultative standing and have excellent knowledge of spoken and written English. Italian is your native language.If you are CISSP and CRISC (or equivalent) certified, or and even better CCSP and ISSAP (or equivalent) certified, you are likely to be among our favorites. SELECTION PROCESS 1. Send your cv to with the subject line Cyber Risk Experts Role. 2️. Attend the Knowledge Interview 3️. Take the Technical Interview DISASTER & CYBER RECOVERY EXPERTS Cyber Security & Resiliency Business Unit THE POSITION. We are looking for individuals with different seniority and experience in Business Continuity, Disaster Recovery and Cyber Recovery, who have excelled in these disciplines from both the methodological (analysis, scenarios, plans, procedures) and architectural and technological sides, mainly for financial and critical infrastructure sectors. The Disaster & Cyber Recovery Expert holds a role with differently articulated seniority and responsibilities according to our Role Framework, from Specialist to Principal, and reports to a Service Line Manager “Recovery” or directly to the Service Line Director. YOUR IMPACT IN THE COMPANY AND ON OUR CUSTOMERS In the era of Digital Transformation, Business Continuity of IT services is essential to our Clients' business. Your main activities involve Business Continuity Management, Disaster & Cyber Recovery Planning, the definition of Business Continuity Management Systems, as well as their application and declination on Clients' organization, processes and architectures. Your activities include:- Conducting qualitative and/or quantitative Business Impact Analysis, identifying business assets, information assets, exposure to threats (physical, logical, human, cyber), vulnerabilities and business continuity risks of IT services- Analysis of the stress that Customers' business can endure in an IT disaster scenario (in the face of various causes and threats, including cyber), declined in RTO and RPO parameters- Compliance Gap Analysis with respect to mandatory regulations in the area of Business Continuity (e.g., DORA, Circular 285