Cybersecurity GRC Consultant

RINA is currently recruiting for a Cybersecurity GRC Consultant to join its office in GENOA, ROME, or MILAN within the Cyber Security and Management Consulting Division.

RINA is seeking a Cyber Security GRC Consultant to join our Cyber Team in GENOA, ROME, or MILAN.

The person will be responsible for:

1. Carrying out technical activities such as:
2. Identifying security risks within organizations and complex systems/architectures.
3. Designing security measures and providing recommendations to improve security postures.
4. Verifying compliance with laws, regulations, and standards related to security and cybersecurity.
5. Supporting Customers in cybersecurity-related activities.
6. Drafting technical and procedural documents related to:
7. IT Security Governance, Risk, and Compliance aspects (e.g., ISO/IEC 27001:2022, NIS/NIS2 directives, PSNC).
8. INFOSEC aspects (e.g., National Scheme for IT products security evaluation, Common Criteria/ISO 15408, ENISA EUCC).
9. Cybersecurity in Industrial Automation Control Systems (e.g., IEC 62443 requirements for risk assessment, systems, and components).
10. Marine cybersecurity requirements from the International Association of Classification Societies (e.g., IACS Unified Requirements, IMO circulars).
11. Maintaining and updating RINA cybersecurity guidelines and assessment methodologies.
12. Supporting business development from a technical perspective, including drafting technical offers and detailing services (for senior personnel).

Bachelor’s Degree in Engineering (General).

Requirements:

1. Knowledge of laws, regulations, international standards, and best practices (e.g., ISO/IEC 27001, NIST Cybersecurity Framework, NIS/NIS2, ISA/IEC 62443, Common Criteria/ISO 15408, ISO 21434).
2. Engineering academic background.
3. Strong problem-solving skills.
4. Excellent verbal and written communication skills in Italian and English.
5. Flexibility and ability to multitask in a fast-paced environment.
6. Willingness to travel within the country and abroad.

Desired Requirements:

1. Experience with a wide range of computer systems and security tools.
2. Security certifications such as ISO/IEC 27001 Lead Auditor, GIAC/GICSP, ISA/IEC 62443 certifications, CEH, OSCP, ISACA CISM/CISA/CRISC, ISC2 CISSP.
3. Knowledge of programming languages (Java, C/C++, C#, VB.Net, Python), their interfaces with DBMS, and development environments.
4. Understanding of networking concepts (segmentation, protocols, security), with experience in network administration/configuration appreciated.
5. Ability to see the big picture and interpret situations from multiple perspectives.
6. Ability to build trust and forge relationships across departments and outside the organization.
7. Focus on client needs and expectations to ensure satisfaction.
8. Trustworthiness and openness to diversity.
9. Effective decision-making skills, prioritizing activities and managing resources.
10. Emotional management and self-awareness.