We are looking for a Risk Management Specialist to support the implementation and continuous improvement of our Group Risk Framework. This role is crucial in identifying, assessing, and mitigating risks across strategic, operational, legal, and technological areas. The scope includes cybersecurity, privacy & compliance, internal controls (e.g. 231/2001), insurance, environmental risk, and whistleblowing systems.
Key Responsibilities
Maintain and evolve the Group Risk Management Framework, ensuring alignment across all legal entities
Conduct and coordinate risk assessments across countries and business areas
Monitor cybersecurity risk exposure, working closely with IT and security teams to ensure protection and business continuity
Ensure compliance with data protection regulations (e.g. GDPR, China PIPL, CCPA) and support DPO activities
Oversee the effective implementation and monitoring of Italian Legislative Decree 231/2001, including interaction with the Supervisory Body
Supervise and continuously improve the Group Whistleblowing System, ensuring confidentiality, proper follow-up, and compliance with the EU Directive and local laws
Manage the Group insurance program, coordinating with brokers and subsidiaries on renewals, claims, and risk transfer strategies
Support ESG risk management and contribute to environmental risk assessments and reporting
Prepare periodic risk dashboards and reporting for senior management, internal stakeholders, and the board
Assist in the coordination of internal audits and compliance reviews
Promote a risk-aware culture across the organization, including training and awareness programs on key risk topics (e.g. cyber, ethics, data protection, whistleblowing)
Requirements
Degree in Law, Economics, Engineering, or a related field
3–5+ years of experience in Risk Management, Compliance, Internal Audit, or similar functions, preferably in an industrial and international setting
Solid understanding of enterprise risk management, cybersecurity principles, data privacy regulations, and internal control systems
Familiarity with Model 231/2001, whistleblowing frameworks, insurance programs, and environmental & ESG risks is strongly preferred
Working knowledge of international standards and regulations: ISO 31000, ISO 27001, SOX, COSO, etc.
Strong communication and interpersonal skills; able to interact with diverse teams and cultures
Fluency in English (written and spoken) is required; Italian and other languages (e.g., German, French, Spanish) are a plus
Willingness to travel occasionally across Europe and internationally