Head of Cyber Security

Generali is a major player in the global insurance industry - a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees.

GOSP - Generali Operations Service Platform is a joint-venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group's innovation and digitization strategy through the Cloud and shared platforms. Based in Italy it has 5 branches across Europe and employs about 1.000 people.

The head of Cyber Security department reports to the Chief Security Officer (CSO) of Generali Operations Service Platform (GOSP) and is responsible to oversee, lead and coordinate the activities of 3 units : the Computer Security Incident Response Team (CSIRT), the SIEM and Event management team and the Vulnerability Management and Prevention team.

As head of Cyber Security you will be responsible to lead the cyber security practice of Generali Operations Service Platform (GOSP) guaranteeing adequate security prevention, detection and response services are provided to GOSP customers to properly protect Generali IT assets from cyber attacks.

Three units reports to the head of Cyber Security : the SIEM and Event management team, responsible for the management of the Group SIEM solutions for all GOSP managed customers; the Vulnerability Management & Prevention team responsible for the definition of security prevention measures as well as to steer and operate the vulnerability management process for all GOSP managed IT assets; the Computer Security Incident Response Team (CSIRT) unit responsible to manage all security events and security incidents that might have an impact on the confidentiality, integrity and availability of GOSP IT assets.

The head of Cyber Security is responsible to properly execute the services under his / her responsibility, in coordination with the related unit heads and in alignment with the directive provided by the GOSP CSO. The strategic development of the cyber security practice is part of the head of Cyber Security duties which has to ensure proper prevention, detection and response capabilities are constantly adapted and evolved to contrast latest cyber threats.

The head of Cyber Security will work in tight cooperation with the Security Operations and Security Governance departments contributing to the overall security strategy of GOSP, highlight main cyber threats and risks that might have impact on GOSP IT assets, propose compensative measures and capabilities to be developed by GOSP to address identified risks, support the continuous evolution of maintenance of the security governance framework of GOSP.

In addition to the core cyber security activities, a tight cooperation with the main IT functions of GOSP is necessary to guarantee cyber security aspects are known by the IT departments and security directive are embedded within IT processes.

Main Tasks :

• Oversee the daily activities of the Computer Security Incident Response Team (CSIRT), the SIEM and Event management team and the Vulnerability Management and Prevention team
• Define the strategic development of Cyber Security practice of GOSP in alignment with GOSP CSO and Generali Group cyber security strategy
• Guarantee SIEM and detection solutions of GOSP are kept updated; evaluate and periodically review detection effectiveness of the solution in place, define and implement improvement steps to keep cyber security detection capabilities always up to date
• Oversee the vulnerability management process, ensuring vulnerability assessments and penetration tests are properly executed, resulting findings are addressed to the responsible team and are mitigated according to the internal processes of GOSP
• Support definition of security prevention measures for a continuous security improvement of GOSP IT assets
• Lead the Computer Security Incident Response Team (CSIRT) activities guaranteeing effective incident response capabilities of the team are adequate to face main cyber threats that might impact GOSP IT assets
• Oversee the department budget ensuring proper planning and control of financial resources
• Coordinate cyber security crisis, leading people during management of critical cyber security incidents
• Periodically report to GOSP Top Management the status updates on Cyber Security initiatives
• Cooperate with GOSP Risk Management department for the identification, monitoring and remediation of cyber security risks
• Cooperate with Data Protection Officer of GOSP
• Contribute to the definition of GOSP IT security policies framework
• Guarantee cyber security practice of GOSP is aligned and compliant with the main regulatory frameworks applicable to Insurance and Finance markets
• Contribute to the definition of the overall Security architecture of GOS