Generali is a major player in the global insurance industry - a strategic and highly important sector for the growth, development and welfare of modern societies.
Within the Group IT Operations & Security Risk area we are looking for Cyber Security Analyst. Cyber Security Analyst able to design, implement and steer the Cyber Security Risk Management Framework targeting the high level, high impact Cyber related threats with the aim of enhancing the Generali Group IT Security posture. The position is a critical role within a small team of high skilled resources in the Group Head Office with the primary objective of ensuring the robustness of the Generali Cyber defenses.



The Cyber Security Analyst has to perform risk evaluation on Generali IT Assets working with both technical and business people. The Analyst must be able to deal with complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed. Cyber Security Analyst has to develop Awareness and Training Security program, initiatives and contents for all the companies in the Generali Group with the objective to improve the security posture of the Group.
Key responsabilities of the role will include:
Establish scope of analysis and define analysis success parameters
Collect relevant data points and guide local IT Security managers with calibrating input ranges
Review results to identify potential outlier data inputs, identify potential cyber threats, analyze the risks and recommend controls based on the analysis results
Analyze existing cyber security mitigation strategies / controls and assess their effectiveness
Writing detailed reports containing findings, observations and recommendations
Identify and analyze cyber threat scenario to be consideredin the risk analysis




Define program and initiatives of security awareness and training for the Generali Group
Develop contents and assets to be used in all companies of Generali Group for security training, awareness campaign, phishing simulation activities, cyber crisis simulation, top manager security induction, etc.
Must have
Information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) are desired
Minimum two /three years of experience in security
Risk Analysis experience - preferably with NIST, ISO framework
A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation
Understanding how cyber impacts business objectives
Ability to understand business and technical implications
Knowledge of cyber threat vectors, both generally and sector-specific
Knowledge of current cyber threat trends and approaches
Architecture, topology, ports and protocols, services




Knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology
A good knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication
Knowledge of different threat actor categories (nation state, criminal, general hacker, hacktivists) and their common techniques
Knowledge of cyber risk estimation methodology and tool
Nice to have
Strong operational focus, ability to drive topics and deliver results even under pressure and time constraints
Superior communication skills and ability to manage a wide array of different stakeholders
An inquisitive, or problem-solving, mindset
Strong Team player




Additional Information Contract Type:
Permanent
My Profile Create and manage profiles for future opportunities.
Generali Operations Service Platform S.r.l.
Generali Operations Service Platform S.r.l.