CA Auto Bank
Information Security Manager
CA Auto Bank · Italy · 18 hours ago
Full-time · Information Technology

CA Auto Bank is the digital bank specializing in sustainable mobility. With operations in 20 countries, it combines a wide range of financing, rental and mobility services with innovative and flexible banking products.

We bring together a century of solid growth and the driving vision of the Crédit Agricole Personal Finance & Mobility group, our sole shareholder.

A mix of tradition and innovation that allows us to focus on important objectives, such as extending our reach in every sector, from automotive to motor vehicles, to leisure, to marine, to agriculture, to light and heavy commercial vehicles. All this while paying great attention to green mobility.


JOB DESCRIPTION


As Information Security Manager (CISO), you will drive the cybersecurity strategy across our European markets, ensuring the resilience of the Group’s digital assets. Reporting to the board and governance committees, you will bridge the gap between technical security and regulatory compliance (EU/National). This dual-mandate role also includes serving as the statutory Digital Archiving Officer (Responsabile della Conservazione) under Italian jurisdiction.

Specifically, responsibilities include the following:


Strategy, Governance & Board Reporting

  • Define and drive the Group's comprehensive cybersecurity programs, securing budget and executive buy-in;
  • Provide regular and comprehensive reporting to relevant corporate governance bodies, including the Risk Committee, Internal Control Committee and the Board of Directors;
  • Maintain a strong functional reporting line to the Crédit Agricole Personal Finance & Mobility (CAPFM) Group CISO, ensuring full alignment with the parent company's security posture, policies, and overarching strategic frameworks;
  • Lead and coordinate information security initiatives across 20 European markets, managing international teams and ensuring continuous alignment with Group targets;
  • Lead the ongoing management of the ISMS and ensure the maintenance of the ISO/IEC 27001 certification;
  • Act as the primary institutional contact point for the Bank of Italy and the Italian National Cybersecurity Agency (CSIRT Italia) for cyber incident management.


Regulatory Compliance

  • Ensure full alignment and direct roadmap execution for relevant regulatory frameworks, particularly DORA, NIS2 and GDPR;
  • Serve as the Responsible for Digital Preservation, defining comprehensive policies for the digital archiving system to ensure long-term compliance under Italian law and international standards;
  • Act as the Responsible for Digital Preservation, managing the ongoing compliance and lifecycle of the digital archiving system under Italian law; this includes the periodic review and approval of the Technical Preservation Manual (“Disciplinare Tecnico”) and the continuous monitoring of digital archiving dashboards and data quality KPIs.


Cybersecurity Programs and Centralized Services

  • Lead major cybersecurity deployments and RFP processes (e.g. CyberSOC, PAM);
  • Supervise and validate the security of the Group’s cloud transformation initiatives (e.g., GCP, SaaS solutions) and emerging technologies, acting as a key member of the Artificial Intelligence Center of Excellence;
  • Govern and oversee the centralized security solutions deployed across all 20 European markets, ensuring standardized protection and continuous monitoring through Group-level services such as MxDR, EDR, Vulnerability Scanning, Mobile Antivirus, and advanced Threat Intelligence platforms;
  • Oversee cyber incident management, endpoint security (EDR), mobile protection and complex authentication architectures;
  • Govern strategic vendor relationships and outsourcing initiatives, and conduct ICT security due diligence for acquisitions and strategic partnerships.


JOB REQUIREMENTS


  • Education: Bachelor’s or Master’s degree in Computer Science, Information Security, Computer Engineering, or a related field;
  • Experience: 10 to 15+ years of specific experience in cybersecurity leadership or similar senior roles (CISO, Head of InfoSec), ideally built upon a broader, extensive career (20+ years) in ICT Security, Data Protection, and Governance;
  • Industry knowledge: deep, proven experience within the banking or financial services sector is required;
  • Regulatory expertise: extensive knowledge of EU regulations (DORA, NIS2, GDPR) and Italian laws regarding digital preservation;
  • Leadership: proven ability to manage international teams, secure C-level buy-in and present risk scenarios to the Board of Directors;
  • Certifications: Lead Auditor ISO/IEC 27001 certification is required;
  • Additional certifications such as CISSP, CISM or CISA are highly desirable;
  • Language: advanced level of English (at least C1) and fluent Italian (necessary for interactions with national authorities).
