Cloud Security Analyst

Generali is a major player in the global insurance industry - a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees.

GOSP - Generali Operations Service Platform is a joint-venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group's innovation and digitization strategy through the Cloud and shared platforms. Based in Italy it has 5 branches across Europe and employs about 1.000 people.

The IT Standards and Project is a Unit with the responsibility of ensuring the implementation of the security policies and the security in the projects of the Company.

The unit is located in the Security Governance Department of the Security Division of Generali Operations Service Platform.

In details the unit has the main responsibilities of:

- IT Standards - Group and internal regulation: ensure fulfilment and alignment with the Group Security regulation adoption and development of the Company Security regulation, considering Law, Group, Internal stakeholders and market standards (ISO27001, ISAE3402, ISO22301, ISO27035).

Projects support - Security requirement: ensure security is embedded in the Company’s projects life cycle. Issue security requirements, analyze security of architectures, ensures the requirements are implemented.

The Cloud Security Analyst ensures that security is properly defined and deployed in cloud environments of the Company, taking into consideration the Group and Company policies and the set of delivered services to Customers.

**Main tasks**:

- Acts as Subject Matter Expert for cloud topics within the Security Division.
- Defines and analyses security requirements for projects with cloud deployments.
- Identifies proposal for security requirements fulfilment in cloud deployments, supported by the other Units of the Security division (accounting for the services that each Units delivers to its customers within the Generali Group).
- Reviews and validates cloud architecture in projects, by a security perspective.
- Performs evaluation of cloud security compliance, accordingly to the Group internal framework for cloud security assessment (cloud risk evaluation, cloud security measures checking in demand management, cloud technical security implementation check, post-implementation support for reviewing).
- Contributes to cloud topics in the Security documental framework (policies, guidelines, technical measures, procedures, etc.).
- Acts as interface for security technical topics by Customers for the Security Division.

**Requirements**:

- Degree in Computer Science or IT Security.
- At least 3 years of experience in the Cloud security area.
- Fluent English (at least CEFR B2, written/spoken).
- At least 1 Certification in the Security area, preferred in Cloud security topics (i.e. ISC2 Certified Cloud Security Professional CCSP, CSA Certificate of Cloud Security Knowledge CCSK, ISC2 Certified Information Systems Security Professional CISSP, UNI ISO/IEC 27017, 27018).

**Skills**:

- Functional and operational knowledge of security features of Amazon Web Service cloud (must).
- Functional and operational knowledge of security features of Google Cloud Platform cloud (preferred).
- Functional knowledge of security features of Microsoft Azure cloud (nice to have).
- Communication and interpersonal relations management skills in an international environment.
- Functional knowledge of networks, operative systems, security solutions (i.e. firewall, intrusion prevention systems, web proxy, anti ddos, antimalware, antispam, vulnerability scanner, security information and event management, identity management, cloud compliance checkers, etc.).
- Microsoft Office suite usage (Word, PowerPoint, Excel).

**Notes/Preferences**:

- Availability to travel internationally (Europe), at most 20% of the time.
- Hybrid working scheme (40% onsite, 60% remote).