Intesa Sanpaolo Group
Location
São Paulo, SP | Brazil
Job description
The Information Security Officer defines the Information Security and Cybersecurity objectives for the Information Security Program and monitors compliance with such objectives, in line with the Intesa Sanpaolo Group guidelines and rules, as well as local legislation and regulations. The ISO operates in strict cooperation with the relevant teams from Parent Company as well as local departments to direct the planning, development, implementation and monitoring of security governance and other related initiatives for enterprise information systems and their data in all formats. The ISO also develops and implements security training and awareness programs to educate employees about information security and cybersecurity solutions and requirements.
Specific accountabilities:
• Responsible for the oversight of the state of information security and cybersecurity for applications, providing periodic reports on the state of information security to the Board of Directors/Top management and for regulatory agencies when required
• In reporting to the Board of Directors/Top management, considers to the extent applicable the confidentiality of Nonpublic Information and the integrity and security of Information Systems, the cybersecurity policies and procedures, the material cyber risks, the overall effectiveness of information security and cybersecurity program and possible material cybersecurity events involving the Legal Entity
• Works strategically with the Parent Company and local departments to ensure that all aspects of data protection, information security and cybersecurity are properly implemented and monitored, and that security projects and tasks are properly coordinated
• Performs continuous monitoring of Information Security and Cybersecurity programs to ensure compliance with objectives, policies and procedures
• Identifies and evaluates trends in the Information Security and Cybersecurity marketplace, such as new products, new attacks and new countermeasures for applicability inside the Legal Entity's environment
• In cooperation with the Parent Company develops, disseminates, and maintains Information Security and Cybersecurity objectives that define baseline policies regarding Information Security at the Legal Entity
• In cooperation with the Parent Company develops the ICT Risk Assessment and IT Security Posture and implements the Information Security strategy
• Works with information owners in business units to determine appropriate security objectives, including evaluations for security aspects for new products, services and systems
• Responsible for the Business Continuity Management activities, including planning, monitoring, testing and reporting
• Monitors the network for malicious activity and coordinates adequate response for these incidents
• Monitors and evaluates vulnerability reports, vendor hot-fixes, and vendor patches for applicability to deployed technologies
• Monitors the process of creating, changing, or removing user access across all systems, as well as the recertification process to all systems and infrastructure resources
• Ensures that all appropriate documentation pertaining to the recording of account creations, deletions, and permissions is correctly maintained and approved
• Monitors that all user passwords adhere to the password requirements
• Is directly responsible for the Cybersecurity and Business Continuity Training Program
• Bachelor's in Computer Science, Information Technology or related field
• Master's degree is a plus
• CISSP / CISM certification preferable
• Fluent in English (Conversation/Writing)
• 10+ years in the information security and cybersecurity environment, preferably in a Financial Institution
• Previous experience in technology and in application development that transitioned into a leading application and information security role
• Experience in developing and delivering Information Security and Cybersecurity governance and awareness programs
• Experience in implementing and integrating new security tools and processes
• Must display experience in application security, vulnerability testing and system testing
• Solid background in assuring high level of Information Security management in an organization
• I.T./Info/Cyber Security risk management experience and direct participation in related risk and incident management processes, including incident response, application risk classification and application control assessments
• Experience in assessing, designing and implementing cybersecurity controls and solutions
• Experience in dealing with many different teams, at global level, in order to meet the expected goals
• High seniority and standing, in order to represent Intesa Sanpaolo Group towards external stakeholders and regulators from a cybersecurity and business continuity standpoint
• Knowledge of financial industry products and related IT platform is a plus
• Strong communication skills and capacity both to lead and to integrate multi-skilled teams
Attitudes: goal oriented, problem solving, teamworking
Everyone is an asset for our Group and that person could be you! Check out our job opportunities, apply and join our team!