Cybersecurity - CoE Manager

General information

Division Angelini Holding
Function Information Technology
Reports to Head of Cybersecurity
Number/role of direct reports None
Job location Roma
Site managed Multi-sites

Job purpose

The Cybersecurity - CoE Manager is responsible for managing the Cybersecurity Center of Excellence (CoE) within the company. This role ensures the organization's information assets, systems, and networks are protected from potential cyber threats and vulnerabilities.

The Cybersecurity - CoE Manager develops and implements comprehensive security strategies, and establishes policies and procedures to safeguard the company's digital assets. 

He/she will continuously assess and enhance the company's cybersecurity posture, mitigate risks, and ensure compliance with relevant regulations and standards.

The Cybersecurity - CoE Manager will collaborate closely with cross-functional teams, executive leadership, and external partners to establish a strong cybersecurity environment, enhance a culture of security awareness, and enable secure digital transformation initiatives across the organization.

Main Activities and Responsibilities

Work with the CISO to develop a security program that addresses identified risks and business security requirements
Design, implement and maintain a Security by Design Framework & Operating Model to embed security requirements into the entire software, systems and products lifecycle with a risk management approach, including regulations, industry and business requirements
Conduct risk assessments to incorporate security requirements into the design, development and material changes of software, systems, and products right from the beginning, collaborating with cross-functional teams and vendors
Continuously assess the software, systems, and products to verify that security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
Assess and periodically monitor vendors' security controls to determine compliance with the organization's security requirements, to identify any potential security gaps that may pose a risk, and to enable an appropriate treatment plan
Promote security awareness and provide training to the relevant teams on security by design best practice (secure coding, common vulnerabilities, cloud security, etc.)
Future Business Challenges:
- Incorporate security controls ensuring data integrity across interconnected systems and emerging technologies (including Artificial Intelligence) in a fast and agile environment and an evolving threat landscape
- Ensure compliance with the rapidly evolving regulatory landscape for data protection, safeguarding sensitive information from unauthorized access, breaches and Intellectual Property infringement
- Ensure security and integrity of the supply chain involving multiple vendors, distributors, and partners

Other information

Education University Degree in Computer Science
Languages English, Italian
Experience (3-5 years)

Experience in the Cyber Security field.

- Transformation experience

- Launch an innovative Corporate Program

- Launch of a new product on the market

- Specialist career track record

- Common information security management frameworks and best practices (e.g. ISO2700x, ITIL, COBIT, NIST, OWASP, MITRE ATT&CK), in particular with Threat Modeling & Secure Software Development Lifecycle (SSDLC) methodologies and frameworks

- Projects and operations on the full stack of IT infrastructure (Cloud, Network, Applications, Databases, etc.) and on key cybersecurity technologies (e.g., SOC, SIEM, EDR, DLP, WAF, IAM, etc.)

- Cybersecurity related laws and regulations

- Service & Vendors management

- Third Party Risk Management

- Cybersecurity Metrics & Reporting

Differentiating expertise:

- Applications and systems security testing (white box, black box, code review, vulnerability assessment)

- Integration of Security in DevOps

- OT/IoT Security 

- Architecture Framework (e.g. TOGAF/SABSA)

Technical and Soft Skills
Cyber threats prevention
Tools protection
Environment protection
Risk Management
Information systems security
Change agility
Business acumen
Thinking with creativity and innovation
Managing complexity
Critical thinking to solve problems
Data driven decision making
Prioritizing and organising
Getting things done
Understand and demonstrate the fundamentals of cybersecurity, including risk management; privacy principles; policy, law, and ethics; networking and systems; digital resilience; digital literacy; and computational literacy
Proficiency in performing threat, business impact, control and vulnerability assessments, and in defining treatment strategies
Strong understanding of the business impact of security tools, technologies and policies
Knowledge of developing, documenting and maintaining security policies, procedures, standards, guidelines, architecture and plans
Ability to work effectively with business managers, IT engineering, IT operations, legal, audit and compliance staff
Ability to interact and build strong relationships at all levels and across all business units and organizations, and understand business imperatives
Project management skills in creating and managing project plans, including budgeting and resource allocation
Negotiation abilities for engaging in productive discussions, finding common ground, and resolving conflicts or differences of opinion