Information Security Officer

Job Description:

.

Scope and Purpose

In coordination with the competent Functions of the Head Office, the local ISO is responsible for ensuring the oversight at Branch level of the state of Cybersecurity and Business Continuity defining the objectives for the Cybersecurity and Business Continuity Programs and monitoring compliance with such objectives

Specific accountabilities:
* Ensure at Branch level the adoption of Cybersecurity and Business Continuity policies, guidelines, rules and processes in line with the Head Office regulatory framework
* Responsible for the oversight of the state of information security and cybersecurity
* Ensure that periodic Information flows (e.g. IT security Plan, Business Continuity Plan) are presented to the top management of the Branch and to Head Office
* Works strategically with the Head Office to ensure that all aspects of information security and cybersecurity are properly monitored and that security projects and tasks are properly coordinated
* Identifies and evaluates changes in local regulations, as well as trends in the Information Security and Cybersecurity marketplace, such as new products, new attacks and new countermeasures for applicability inside the Branch's environment
* Ensure the local execution of Business Continuity activities, including periodical Business Impact Analysis, tests and reporting, in line with Group model
* Monitors and evaluates vulnerability reports, vendor hot-fixes, and vendor patches for applicability to deployed technologies
* Monitors the access control program. Ensure that all appropriate documentation pertaining to the recording of account creations, deletions, and permissions are correctly maintained and approved
* Spread the culture of Cybersecurity and Business Continuity within the Branch, in coordination with the competent functions of Head Office, by defining and executing local annual awareness and training programs

Required Experience

* Minimum 10 years in the information security and cybersecurity environment, preferably in a Financial Institution
* Experience in technology and application development that transitioned into a leading application and information security role
* Experience in developing and delivering Information Security and Cybersecurity awareness programs

Required Qualifications, Skills and Knowledge

* Bachelor's in computer science, Information Technology or related field
* Master's degree a plus
* CISSP / CISM certification preferable

* Must display subject matter experience in application security, vulnerability testing and system testing
* Solid background in assuring high level of Information Security management and Business Continuity management in an organization
* I.T./Info/Cyber Security risk management experience and direct participation in related risk management processes, including application risk classification and application control assessments
* Experience in assessing, designing and implementation of cybersecurity controls and solutions
* Experience in dealing with many different teams, at global level, to meet the expected goals
* High seniority and standing, to represent Intesa Sanpaolo Group towards external stakeholders and regulators from cybersecurity and business continuity standpoint
* Knowledge of financial industry products and related IT platforms, a plus
* Fluent English and Turkish

About us

We are the leading banking group in Italy and one of the Top Tier in Europe. Join us and be part of our successful story!

With over 20 million customers in Italy and abroad, we are a true engine of sustainable growth, with a strong commitment to the environment and a tangible impact on society. People are our driving force. We take care of them and foster an inclusive culture where everyone feels valued and empowered.

Join an international and innovative Group. Don't wait for the future, choose it!

#sharingfuture

We guarantee an inclusive and equal environment. We will consider all applicants regardless of race, religion, sexual orientation, gender identity, marital status, national origin, age, disability, or any other protected category in compliance to D.lgs. 198/2006, 215/03 and 216/03.

For the evaluation of the application, the data will be processed by Intesa Sanpaolo S.p.A. as Data Controller. We invite you to review the dedicated Privacy Information Notice for more details