Local Information Security Officer

wefox is Europe’s leading InsurTech that is reinventing insurance at scale, with a record-breaking Series C funding round of $650 million in 2021, making it the largest funding round of any InsurTech to date.

wefox is revolutionising insurance by empowering the customer and delivering personalised experiences, driven by data. Our vision is to enable people to be safe. By providing our customers 360 degree advice through our network of advisors, we optimise each individual's risk coverage through innovative prevention, assistance and insurance products.

For our Italian holding of wefox AG - wefox Italy - we are currently looking for a Local Information Security Officer you will be responsible for driving the Global Information Security strategy at a country level (Italy-Milano) and maintaining operational engagement with key leaders within the Business, IT and Tech teams.,

**wefox Italy owns 100% of Mansutti S.p.A. and Mach-1 S.r.l.**:

- Mansutti: is one of the major insurer brokers in Italy with almost 100 years of experience. It is specialized in assisting corporate clients by designing and implementing insurance programs to protect their assets and their businesses and creating affinity programs for their customer base increasing revenue for the client and finalization of their customer base.
- Mach-1: is the leading insurance agency in Italy as per automotive business with automotive manufacturers. It is specialized in the implementation and handling of insurance affinity programs for partners in the automotive, utilities and bank through innovative mobility platforms.

**The Role**:

- As the Local Information Security Officer you will be responsible for driving the Global Information Security strategy at a country level (Italy-Milano) and maintaining operational engagement with key leaders within the Business, IT and Tech teams.
- In your role you will report to the Local Head of IT Organization with a strong functional alignment to the Group Chief Information Security Officer.
- You will build strong relationships with the key stakeholders and support teams. These relationships will enable you to assess business practices, identify gaps in security controls and lead the development and execution of information security initiatives. Additionally, you are expected to interact effectively and strategically with IT leadership, Tech Engineering teams, Internal Audit, Risk Management, Legal and Privacy.
- You are also expected to have a good understanding of our core business and how our technology can securely enable it.
- In your role you are not only accountable for the Information Security Governance but also for the hands on execution and implementation of Security projects.

Main responsibilities
- Lead the information security function across the country to ensure consistent and high-quality information security management in support of business goals, and in line with the Group Security Standards.
- Responsible for informing and influencing the business strategy, aligned with the Information Security strategy and roadmap.
- Responsible for leading operational engagement and own supporting metrics for measuring Information Security maturity at a country level.
- Responsible for supporting Group Information Security leadership in the identification and communication of relevant Information Security-related issues, risks, and events in the organization.
- Oversee the awareness of regional stakeholders and partners to be security champions within their organizational units and promote security best practices.
- Coordinate and advocate for wefox’s security needs with Information Security architects, engineers, and analysts.
- Track and coordinate Information Security involvement in business-driven technology projects.
- Responsible for keeping abreast of Information Security trends, with an ability to articulate security-related themes and principles in business terms.
- Responsible for driving the delivery of Information Security plans and implementation of leading practice controls, with an understanding of proactive defense principles and strategies.
- Responsible for leading the regional business-engaged risk exercises to identify and measure risk and develop mitigation strategies.
- Actively engage and support security incident response team in resolution and closing of investigations of incidents with ownership of post mortem and remediation plans.

**What you bring**:

- Bachelor’s degree in Computer Science, Engineering or related field; or equivalent combination of education/professional experience in a similar role.
- Having at least 10+ years of experience in the Information Security industry.
- In-depth knowledge of the main regulations and standards (GDPR, ISO 27001, NIST CSF, PCI-DSS, OWASP, COBIT, CIS, etc.).
- Deep understanding of compliance and regulatory frameworks as IVASS, ANIA, FMA, BAFIN, EIOPA, etc.
- Experience to move seamlessly from strategy to execution and deliver t