Head Of Cyber Security

We are a global player in the field of renewable energies, which develops, designs, builds and manages plants that generate clean energy. 

This role sits in the digital transformation team.

In this role you will be responsible for identifying threats, mitigating risk, and safeguarding our organisation from security vulnerabilities and exploits.

This person will have experience with deployment, management, and maintenance of security solutions.

Main Responsibilities

• Maintain a security framework in order to ensure the expected security properties of company assets about authentication, authorization, confidentiality, integrity, availability, non-repudiation;

• Define policies and procedures to fulfill data governance, privacy compliance, business requirements, countries and authorities constraints, security-related standard requirements;

• Adopt a security roadmap within the budget assigned to increase countermeasures to protect data, endpoints, networks and accounts from cyber attacks;

• Plan and adjust business continuity and disaster recovery measures accordingly to company’s risks, helping to decide if eliminate, mitigate, transfer or accept them;

• Lead the security operations (SecOps) by logging, monitoring, assigning incident investigation and threat response to the operational teams, declaring the War Room when needed;

• Ensure the adoption of secure software development best practices by internal teams and suppliers;

• Evaluate the security posture with vulnerability assessments and penetration tests (VA/PT), addressing any change requested;

• Coordinate the patch management process;

• Approves or denies services and change requests security-related when security approval is requested;

• Evaluate the security risk of a new technology or service being adopted, reviewing their terms and conditions;

• Aware users about cyber risks and contributes to their security training.

Key Requirements

• Information Security, Computer or IT/Telco Engineering or STEM degree

• 10+y on cybersecurity matters with different roles (analyst, specialist, consultant, manager)

• Excellent knowledge of reference framework about cybersecurity and business continuity (NIST, ISO27001, ISO22301) and security by design principles in networks, systems, applications

• Experience on cybersecurity for producers or suppliers in energy sector, facing challenges related to unattended IT/OT environments preferrable

• Deep understanding of Azure cloud and on-prem security services for mixed endpoint environment (Windows/Linux/iOS/Android)

• Able to report security metrics and executive summary to C-Level, auditors, and discuss technical details with specialists

• Fluent in Italian and English (B2), French or Spanish/Portuguese nice to have

• One or more certifications on security (CISSP, CISM, CEH, GIAC, …) as a plus

• Excellent in leadership and communication skills, team working, relationships attitude, problem solving capabilities

Location:

Milano - Martesana