Cyber Security Grc Consultant

RINA is currently recruiting for the Cyber security GRC Consultant to join its office in Genova within the Digital Technology and Cybersecurity Division.

We are looking for an experienced Cybersecurity Engineer to join and strengthen our technical team.

• Identifying security risks in organizations and complex systems / architectures;
• Designing security measures and providing recommendations to improve security posture;
• Ensuring compliance with laws, regulations, and cybersecurity standards;
• Supporting customers in cybersecurity-related activities;
• Drafting technical reports (often in English);
• Maintaining and updating RINA cybersecurity guidelines and assessment methodologies;
• Providing technical support for business development, including drafting proposals and defining services;

Coordinating junior staff when applicable.

Bachelor’s Degree in Computer Science or Information Systems

• At least 3 years of experience in cybersecurity, with proven expertise in GRC topics, GDPR technical aspects, and knowledge of relevant standards / regulations;
• Strong knowledge of laws, regulations, international standards, and best practices (e.g. GDPR, ISO 27000 family, NIST Cybersecurity Framework, NIS Directives, ISA 62443, Common Criteria / ISO 15408, etc.);
• Experience in Governance, Risk & Compliance activities for IT / OT security;
• Ability to identify and analyze information security risks in diverse contexts;
• Excellent problem-solving skills;
• Strong verbal and written communication skills in Italian and English;
• Flexibility and ability to manage multiple tasks in a fast-paced environment;
• Willingness to travel domestically and internationally.

• One or more recognized security certifications (e.g. ISO 27001 Lead Auditor, ISA 62443, ISACA CISM / CISA / CRISC, ISC2 CISSP, Data Protection Officer, etc.).

Knowledge of security tools and platforms such as :

Governance Risk Compliance (GRC) platforms.

Previous experience with security certification processes for Information Security Management Systems (ISO / IEC 27001) or IT / OT products (Common Criteria, ISA 62443).

ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way

BUILD NETWORK - Forge trust relationships, across departments, and outside the organization

CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction

EARN TRUST - Take everyone's opinion into