Security Governance Specialist

We are the leading Tech Company in Europe, supporting digital innovation for over 45 years. We are committed to bringing digital technology into every business by putting customers first and becoming the go-to partner for professionals, small, medium and large companies, offering customised solutions and services to optimise business processes from HR and customer relations to e‑invoicing and digital payments.

The Research and Development team is the beating heart of the Group’s innovation. We are constantly committed to researching and developing new technologies and solutions to anticipate market needs and exceed our customers’ expectations. We invest significantly in artificial intelligence (AI), exploring its potential to develop innovative solutions and improve our products and services.

Responsibilities

In a fast‑paced development environment focused on growth and innovation, you will be responsible for translating requirements into code to create, improve and maintain high‑quality software.

• Drive the continuous improvement of the organization’s application security maturity, defining a structured and scalable approach to secure software development across teams and products.
• Define, measure and track key security KPIs related to vulnerability management processes (e.g. detection, remediation, exposure time), providing visibility on risk and progress over time.
• Lead application security initiatives across the organization, implementing security‑by‑design principles from the early stages of development.
• Contribute to the definition and evolution of security controls and practices, maintaining alignment with internal standards, regulatory requirements and industry frameworks.
• Collaborate with Product Owners and development teams to align security objectives with business priorities and promote a shared security culture throughout the software development lifecycle.

Qualifications

• Good knowledge of application security frameworks such as SAMM, ASVS, NIST CSF and similar.
• Excellent understanding of certification standards such as ISO 27000, NIS2, DORA, ACN guidelines, PCI‑DSS and their impact on application security.
• Knowledge of AI‑focused risk and security frameworks, including NIST AI RMF, EU AI Act requirements, ISO/IEC 23894, OWASP Top 10 for LLMs and Google SAIF (plus).
• Understanding of AI‑related risks, key facts and ecosystem dynamics, paired with strong curiosity and continuous awareness of the current and emerging AI technological landscape.
• Advanced proficiency in English (C1 level).

What we offer

• WELLBEING: We have a short working week! You will not work on Friday afternoons, allowing you to devote time to your personal interests. To support this, we offer a welfare plan tailored to your needs, with many services and benefits for your wellbeing.
• FLEXIBILITY: We believe in mutual trust! You won’t clock in and out, and you’ll work in a flexible, hybrid way. We provide everything you need to be productive and connected remotely.
• DEVELOPMENT AND GROWTH: We invest in people! You’ll take part in a personalised development programme to build your skills and contribute to the achievement of the company’s goals.
• DIVERSITY AND INCLUSIVITY: We value differences! You will work in an inclusive environment based on collaboration and respect. Our leadership focuses on trust and growth for each talent.
• IMPACT: We work with pride! We are committed to creating shared value for our customers, partners and the community. In every project, we focus on sustainability and innovation.

Location

The position is opened in the Milan or Rome offices.