IMI CIB - ISPIRE - Information Security Officer

Apply now »

Date: May 17, 2024

Location: Dublin, IE

Company: Intesa Sanpaolo Group

 

Intesa Sanpaolo is the banking group leader in Italy. Assisting more than 14,6 milion of retail customers through a network of 5360 branches, it significantly supports the development of Companies and gives an important sustain to the country's growth. The Group has a selected retail banking presence in Central and Eastern Europe, the Middle East and North Africa, with approximately 1,000 branches and 7.2 million customers in 12 countries. Intesa Sanpaolo is also present in 25 countries in support of its corporate customers’ cross-border business. It is looking for new qualify profiles who want to face demanding and challenging career path with the following requirements:

Scope and Purpose

 

The Information Security Officer (ISO) spearheads the Information Security and Business Continuity efforts for the Bank, ensuring that local information security activities align with the Group Security  Plan.
The ISO collaborates closely with Head Office to guide the planning, development, implementation, and monitoring of information security for the banks enterprise's information systems.
Additionally, the ISO is responsible for developing and implementing security training and awareness programs to educate employees about the importance of information security, as well as business requirements and solutions related to cybersecurity
Specific Accountabilities:

  • Oversight and Reporting: Responsible for overseeing the state of information security and business continuity across the bank, providing periodic reports to the local Board of Directors and Group Head Office.
  • Business Continuity Management: Ensure the local execution of Business Continuity activities, including periodic Business Impact Analysis, BCM testing, and reporting, in alignment with the Group model.
  • Policy Development and Implementation: Develop, adopt, and periodically update local cybersecurity and business continuity policies, rules, processes, and procedures in alignment with the Head Office's regulatory framework and also satisfy Irish regulatory requirements
  • Third Party Security Management: Leading third-party information security management activities. This requires guiding and supporting the banks departmental heads in the selection of third-party service providers, ensuring that these choices align with the organisation's information security standards and local regulatory requirements..
  • Incident Response:  The ISO is responsible for the development, annual review and periodic update of local incident response policy, process and procedures, which must align with Head Office's group requirements and concurrently satisfy Irish regulatory requirements
  • Information Security Training: Direct responsibility for the local Information Security Training Program, providing regular, ad hoc training and awareness for bank staff on information security best practice and raising awareness of current threats.
  • Strategic Collaboration: Work strategically with the Head Office to monitor all aspects of information security and cybersecurity, ensuring professional coordination of security projects and tasks.
  • Continuous Monitoring: Perform continuous monitoring of Information Security and Cybersecurity programs to ensure compliance with objectives, policies, and procedures.
  • Regulatory and Threat Landscape Evaluation: Identify changes in local regulations which are relevant to the bank and maintain an initiative-taking awareness of changes in the Information Security and Cybersecurity threat landscape, concurrently, assessing new security products, attack vectors, and countermeasures.
  • Security Objectives Coordination: Work with information owners in business units to determine appropriate security objectives for resources.
  • Access Control and Compliance: Monitor the access control program, ensuring proper documentation and compliance with account management and password requirements.
     

Required Experience

 

  • Minimum 5 years’ experience of Information Security management and Business Continuity management activities.

Required Qualifications, Skills and Knowledge

 

  • Bachelor's degree in Computer Science, Information Technology or relevant technical field
  • Experience leading, implementing and driving a third-party security  management programme
  • Experience of developing and applying a controls environment based upon the NIST Cyber Security Framework across an organisation
  • Experience in developing and delivering Information Security and Cybersecurity awareness programs
  • Experience in information security risk classification / management
  • Experience in information security incident response activities
  • Master’s degree in appropriate technical area (Information Technology / Information Security)
  • Preferable Certified Information Security Manager (CISM)
  • Preferable to have experience working in a financial organisation and an understanding of financial processes.

 

Everyone is an asset for our Group and that person could be you! Check out our job opportunities, apply and join our team!

Apply now »