Cyber Security Analyst

Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies.   Over almost 200 years, we have built a multinational Group that is present in more than 60 countries,

Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies.
 
Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees. Our Group aims to become the standard bearer and industry leader in the European retail insurance market, building on our existing base of 50 million retail clients, out of an overall total of 72 million.
 
Within the Group IT & Operations Risk & Security we are looking for a Cyber Security Analyst.
 
Group IT & Operations Risk & Security in charge of developing the Group Information, IT Security and cyber risks governance, as well as detecting and ensuring the mitigation of IT risks at Group level, in particular, with the responsibility to: 
  • Set and monitor the IT security standards, architecture and requirements ensuring their implementation, as well as leading and monitoring  the response and mitigation of the cyber threats and attacks, in coordination with other relevant Group Functions
  • Define the Group IT security governance and supervise its implementation; define the IT security Group policies and guidelines, standardize the IT security processes and harmonize related tools across the Group; lead and monitor the IT security activities at Group level, including those performed by Generali Shared Services
  • Manage IT risks through their detection, identification, monitoring, evaluation and mitigation
The Cyber Security Analyst is able to design, implement and steer the Cyber Security Risk Management Framework targeting the high level, high impact Cyber related threats with the aim of enhancing the Generali Group IT Security posture. The position is a critical role within a small team of high skilled resources in the Group Head Office with the primary objective of ensuring the robustness of the Generali Cyber defenses. The Cyber Security Analyst has to perform risk evaluation on Generali IT Assets working with both technical and business people. The Analyst must be able to deal with complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.
 
Main tasks:
  • Apply cyber security risk management principles to conduct quantified assessment of  first line business applications, systems and processes according to an established Generali Group methodology
  • Establish scope of analysis and define analysis success parameters
  • Collect relevant data points and guide local IT Security managers with calibrating input ranges
  • Review results to identify potential outlier data inputs, identify potential cyber threats, analyse the risks and recommend controls based on the analysis results
  • Analyse existing cyber security mitigation strategies / controls and assess their effectiveness
  • Writing detailed reports containing findings, observations and recommendations
The ideal candidate will meet the following requirements:
 
Must have
  • Risk Analysis experience – preferably with NIST, ISO framework
  • A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation
  • Understanding how cyber impacts business objectives
  • Ability to understand business and technical implications
  • Knowledge of cyber threat vectors, both generally and sector-specific
  • Knowledge of current cyber threat trends and approaches
  • Architecture, topology, ports and protocols, services
  • Knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology
  • A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication
  • Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques
Soft skills
  • (soft skills)
  • Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints
  • Superior communication skills and ability to manage a wide array of different stakeholders
  • Affable, with a high tolerance for ambiguity
  • Strong Team player


Milan, Lombardie, Italie Milan Lombardie IT