Head of Group IT Security Governance

Generali is a major player in the global insurance industry - a strategic and highly important sector for the growth, development and welfare of modern societies.

The Head of Group IT Security Governance, leads and coordinates the IT Security Governance Team of the Generali Group and directly report to the Group Head of IT & Operations Risks & Security.

He/she is responsible for ensuring an adequate security posture of the Group, through the definition of the Group Security Regulation and collaborate to the design of Group Security Strategy, measuring its implementation level, through appropriate Dashboards and KPIs, and ensuring its oversight through the monitoring of the Security initiatives, projects and programs necessary to improve the security posture of the Group, in line with the organization’s risk appetite.

In addition he/she will define and implement the security organization and the security regulation framework at Group level. He/she is responsible to ensure an adequate, efficient and effective budgeting, forecasting and planning process for the Security Function liaising with the relevant other corporate departments (e.g. Finance and Procurement).

He/she is responsible for the Business Continuity Management and IT Disaster Recovery framework for the Group as well as its implementation within Assicurazioni Generali S.p.A. (i.e. the Parent Company).

The Head of Group IT Security Governance is also responsible to ensure an adequate reporting to the Top Management, ensure the compliance with laws with regards to security aspects and support and liaise with Internal Audit function on Security matters.

The role complements its duties with the coordination and monitoring of the Cloud Group Policy as well as the coordination and support the Group companies in the implementation of the Outsourcing Group Policy and the continuous maintenance of the Outsourcing Policy and its implementation in Assicurazioni Generali S.p.A.

Key responsibilities:

- Define the Group cyber security regulation (policies, guidelines) related to IT/Cyber/Corporate&Physical Security;
- Establish an adequate security organization at Group level;
- Coordinate, support and monitor the status of implementation of Group strategy and internal regulation at local level preparing periodic executive reports, Dashboards and KPI reports;
- Establish and maintain a strong Project Portfolio Management tool, as well as monitor the progress, issues and risks of the security initiatives;
- Ensure an appropriate budgeting and cost management monitoring of the Function as well as for the Strategic Security Group Programs;
- Manage security checks and compliance with regulation about security;
- Manage security maturity assessments, based on leading information security standard (NIST Framework), at Group level in order to evaluate Security maturity levels and posture;
- Ensure adequate alignment at Group level about security activities, ensuring a constant and periodic dialogue with Local Chief Security Officers;
- Monitors changes on the security landscape in terms of regulatory compliance, privacy law (GDPR), new technologies and cross industry/national cyber security initiatives;
- Defines and develops Group Regulations for management of Business Continuity and IT Disaster Recovery, Outsourcing and Cloud, supervises the implementation at Group level and in Assicurazioni Generali S.p.A.

The role implies frequent contacts at an international level with Generali Group companies in the different countries and regions where the Group operates, as well as a regular interactions with Group Top Management.
- 8-10 years of experience in IT/Cyber Security in international group or major consulting firms; specific experience in financial services industry would be a plus;
- Leadership skill and ability to communication with senior executives;
- Strategic mindset and deep understanding on new technology/security trends;
- Degree-level education (Engineering, Computer Science or equivalent);
- Extensive experience on information security governance, IT risk management, regulatory compliance (e.g. GDPR) and audit procedures;
- Basic technical knowledge and experience on security technologies (like Endpoint protection, Mobile Security, Data Protection, Cloud Security, etc.) and on cyber security capabilities (SIEM, SOC, CERT, Vulnerability Management, Threat intelligence etc.)
- Experience as project manager;
- Strong knowledge of main Information Security standards and framework (ISO27001, ISO22301, ISF, NIST, COBIT etc );
- Ability to work in large, complex and international organizations;
- Advanced problem solving, analytical and communication skills;
- Demonstrated ability to manage a team and being an effective People Manager.