Junior IT & CYBER Risk Manager

Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees. 

GOSP – Generali Operations Service Platform is a joint-venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group’s innovation and digitization strategy through the Cloud and shared platforms. Based in Italy it has 5 branches across Europe and employs about 1.000 people.

The candidate will be part of the team CRO

CRO has the following accountabilities:

– To guarantee an integrated risks management system through the definition of the risk strategy including risk appetite, limits and risk mitigation and through the identification, monitoring and reporting of risk and a forward-looking approach on risks to which GOSP is exposed to in the performance of its activity.

– To grant effective support to main Group risk Management initiatives within the GOSP area of competence and responsibility.

– The scope of the activities is the management of operational risks, especially Digital and Cyber risks, related to the core business of the Company.

The ideal candidate supports periodic risk campaigns, supports all departments in risk detailed analysis, and supports risk analysis in strategic projects. The goal of the activities is to achieve the higher added value of risk analysis for Top Management and Generali Group business units. He/ She gives guidance on Risk methodology.

The ideal candidate supports also Head Office and other Group Legal Entities for IT Risk evaluation necessary for Group’s Digital Risk activities. The goal of the activities is to reach a common and harmonized IT Risk methodology across the Group, in line with Regulators’ expectations.

The candidate will take care of the definition, implementation, collection of Key Risk, Indicator for operational risk events, preparing risk report, facilitating the discussion with Risk Owner and Top Management.

Main Tasks: 

  • Overseeing the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls and emerging risks
  • Contributing to the improvement of the internal control system by identifying new options for responding to the risks to which they are exposed and specially to cyber risk
  • Supporting vertical special risk assessment in particular on specific projects or emerging technologies
  • Supporting the fulfilment of existing reporting requirements and actively participates in the production of reports for senior and top management
  • Supporting the risk identification, risk analysis, risk mitigation driving actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices
  • Performing for regular alignment on shared risks with all Legal Entities involved in IT Risk activities

Requirements: 

  • Bachelor’s degree in Computer Science, Mathematics, Statistics or related
  • Fluent English, another European language(s) is a plus
  • At least 5 years of experience in IT and/or cyber security
  • Effective presentation skills
  • Knowledge of one or more international standards (e.g. ISO 31000, COBIT 2019, ITIL v3, ISO 27001)

The following requirements are not mandatory but are a plus:

  • Experience in risk, compliance or audit topics
  • Knowledge on risk-based approaches
  • Basic project management skills
  • The achievements of one or more of the following professional certification is a nice-to-have: CISA, CISM, CGEIT, CRISC, ISO27001 LA, COBIT 2019 Foundation, CSX Fundamentals, CSX Practitioner, ITIL v3 Foundation, CIA, CRMA

Skills: 

  • Working and collaborating in team
  • Strong listening and mediation/negotiation skills
  • Problem-solving and analytical skillset 
  • Communication skills and ability to manage a wide array of different stakeholders
  • An untarnished reputation for integrity
  • A global mind-set
  • Proactive approach, strong achievement, ownership and result oriented
  • Embrace diversity and different culture
  • Time management and self-organization skills

Additional Information

  • Contract Type: Permanent