BIP · Roma, Lazio, Italia · 50€ - 70€


Job description

Cybersecurity GRC Specialist – This role mitigates cybersecurity risks arising from digital transformation, working within the Strategy Governance cluster to support CISO/CSO/ICT managers and senior leadership in developing and implementing security governance, risk management, and compliance programs.

Responsibilities

  • Guide complex projects on cybersecurity strategy, governance and risk management, ensuring delivery quality, stakeholder coordination, and adherence to time, budget, and objectives.
  • Support enterprise clients in defining multi-year cyber strategies, operational models, ICT and cybersecurity development plans, and remediation programs based on risk, business priority, and regulatory requirements.
  • Analyze national and European regulations, including NIS2, DORA, Cyber Resilience Act, National Cybersecurity Perimeter, Cloud Regulation, ACN measures and sector-specific requirements, translating them into ICT, cybersecurity, governance, and control obligations.
  • Design and implement cyber risk management frameworks covering risk assessment methodologies, scenario planning, KPIs/KRIs, control assurance, maturity metrics, and executive reporting.
  • Support implementation, maintenance and improvement of information security and business continuity management systems, specifically ISO/IEC 27001, 27017, 27018, 22301 and frameworks such as NIST CSF 2.0, SP 800, CIS Controls, COBIT, ITIL.
  • Conduct risk assessment, maturity assessment and gap analysis against regulations, standards and reference frameworks, identifying exposures, intervention priorities, and sustainable mitigation plans.
  • Assist in designing third-party and supply-chain risk management models, focusing on critical vendors, cloud providers, ICT outsourcing, managed services, technology supply chains and contractual security requirements.
  • Contribute to assurance, audit readiness and certification programs, guiding clients through certifications such as ISO 27001, 22301, SOC 1/2, CSA STAR, TISAX, HDS and other applicable frameworks.
  • Develop processes, policies, procedures, guidelines and internal standards that capture regulatory, contractual, technological and organizational requirements related to cybersecurity, continuity, incident management and ICT governance.
  • Create executive memos, dashboards, board-level reports and decision-making materials for CISO, CIO, CSO, risk committee, and top management, summarizing trade-offs, strategic options, impacts, dependencies, residual risks and investment priorities.

Qualifications and Characteristics

  • Minimum 3 years' experience in consulting firms on cybersecurity compliance and security risk management projects.
  • Experience implementing national and international regulatory compliance in cybersecurity domains (e.g., NIS2, National Cybersecurity Perimeter, Cloud Regulation, DORA).
  • Competence in adopting and applying international cybersecurity frameworks, best practices and standards (ISO/IEC 27001, 22301, CSA STAR, NIST CSF, SP 800, etc.).
  • Prior implementation experience of management systems such as ISO 27001, 22301, 20000‑1, SOC 1/2, CSA STAR Lev 2.
  • Experience drafting policies and/or procedures.
  • Ability to produce managerial reporting and executive summaries.
  • Knowledge of key cybersecurity technologies.
  • Excellent command of English, written and spoken.
  • International experience or ability to work in multicultural, multi-country, multi-stakeholder environments, engaging with C‑level and top management.
  • Ability to contribute to commercial proposals, technical offers, client presentations, business development and methodological asset creation.
  • Bachelor’s or advanced STEM degree or higher education (e.g., master or specialized university courses in data protection and cybersecurity).

Plus

  • Security certification: ISO 27001 Lead Auditor / Lead Implementer, ISO 22301 Lead Auditor / Lead Implementer, CSA STAR Auditor, CompTIA Security+, CISSP, CISA, CRISC, ITIL or equivalents.
  • Previous experience in regulated sectors or critical infrastructure (energy, telecommunications, transport, public administration, defense, cloud providers or essential digital services).

Benefits

  • Individual focus – you are never just a number.
  • Team collaboration to address vulnerabilities.
  • Continuous training program with industry-leading certifications (CISSP, CISM, CISA, ISO 27001, etc.).
  • Health insurance, preventive check-ups, wellness platforms and integrated welfare plan.
  • Meal vouchers and additional benefits.

