Information Security Officer

Job Description

Information Security Officer

Information Security Officer

Rome

This is Worldline

We are the innovators at the heart of the payments technology industry, shaping how the world pays and gets paid. The solutions our people build today power the growth of millions of businesses tomorrow. From your local coffee shop to unicorns and international banks. From San Francisco to Auckland. We are in every corner of the world, in every part of commerce. And just as we help our customers accelerate their business, we are committed to helping our people accelerate their careers. Together, we shape the evolution .

The O pportunity

We are looking for a Risk Security Specialist that ensure appropriate risk mitigation and control processes for security issues, defining and maintaining policies and documentation for the company's security program. Your principal job will be working with the 1st Line CyberSecurity team to address risks in the organization, conducting risk assessments regularly and reporting the effectiveness of security controls to the management.

Day-to-Day Responsibilities

• Monitoring and participate to the further development of the security governance and internal control system relevant tools, systems and processes
• Managing Security Governance ( integration, Cyber Risk mitigation approach, Cyber Risk Assessment)
• Monitoring compliance with local and industry specific regulations (PCI DSS, ISO27001, DORA, etc. ), and implementation of required measures
• Conducting periodic audits of internal security controls to validate the effectiveness, identify risks and promote continuous improvement
• Monitoring and collaborating into internal and external audits
• Providing guidance to the 1st line security organization
• Monitoring, governing and validating security maturity level of key suppliers
• Supporting the Information Security activities of Group Security organization for your scope
• Monitoring the activities of 1st Line Security in terms of respect of security guidance
• Managing Security Internal controls : nature, scope, techniques of Security Internal Control System, control types )
• Reporting and monitoring : define KPI, Board reporting, Internal Committee Reporting
• Define and managing Security Governance Framework (data classification, access control, policy formulation, incident response and compliance with legal and regulator standards.
• Carry out assessment, define gaps and managing action regarding regulatory law (DORA, EBA, etc)
  
  

Who Are We Looking For

We look for big thinkers. People who can drive positive change, step up and show what’s next – people with passion, can-do attitude and a hunger to learn and grow. In practice this means:

• Bachelor/Master in IT Security, Engineering, Management Engineering or equivalent
• Minimum 6 years of experience in Information security, security risk management and/or cyber security, security governance
• Proven knowledge of relevant security frameworks (ISO27001, PCI,…)
• Knowledge of the payment industry is a plus
• Certificate in security (e.g. CISA, CISM, CRISC, CISSP) is a strong plus
• Excellent analytical skills with eye for detail
• Excellent communication and presentation skills in English both verbally and written (min B2.2)
• Results driven and persistent
• Multicultural mindset and flexibility, able to work in an international environment
• Should have in-depth knowledge of the regulations of the security sector with particulars regarding the DORA regulation and ICT EBA guidelines