ICT Security Governance Specialist
The Business
team.blue was created in June 2019 by the merger of regional leading hosting providers Combell Group, Register Group and TransIP Group and offers digital presence and enablement tools such as domains, hosting, email, VPS and applications to over 2.5 million SME, SoHo and developer customers across Europe. The group consists of several well-known and respected brands, spanning 17 European countries and operating under several brand names for each jurisdiction, with a bloodline that represents total commitment to customers.
The Role
Reporting to the Southern Europe CISO, you will be responsible for performing and monitoring the progress of the following activities:
- Support Security Manager in development, implementation and maintenance of effective security and compliance assessment campaigns, risk scenarios evaluation, vulnerability assessment / penetration test campaigns and monitoring of remediation plans;
- Identify technical controls and solutions to implement cybersecurity standards and best practice requirements on ICT assets and infrastructures;
- Support Security Manager in implementation & maintenance of ISO 27001/27017/27018 and ISO 9001 certifications and related Business Continuity plans, updating and revising company policies and procedures and presiding over all external audits;
- Monitor CVEs, publications of related exploitation threat scenarios and vendor / official remediation plans, with analysis and reporting of impact on corporate assets and processes;
- Support in incident and Data Breach management processes to keep them constantly updated to industry standards and regulations;
- Support Legal department and DPO in Data Processing Agreement definition, addressing GDPR compliance issues on technical and organizational security measures in contracts and Data Privacy Impact Assessment;
- Develop and deliver security training and awareness programs, testing responsiveness of incident and business continuity management personnel and addressing employee concerns or questions on security compliance.
Required skills and experience
• At least 3 years' experience as an ICT Governance specialist / ICT Security specialist
• Knowledge of and experience implementing relevant security frameworks and controls (ISO, NIST SP 800-53B, ISO27001/27017/27018, PCI-DSS, CIS) and national/international cybersecurity regulations (NIS/NIS2 directives, DPCM 14 aprile 2021 n.81, Dl 14 aprile 2021 n.82)
• Knowledge of and familiarity with cybersecurity risk assessment methodologies and tools (ISO 27005, GRC tools structure)
• Knowledge of GDPR requirements and implementation of technical and organizational controls over personal data
• Good communication skills
• BSc/BA or technical degree in computer engineering or in a related technical field
• Professional certification in cybersecurity is a plus (e.g. CISA, CRISC, CEH)
• English level B2
- Department: Technology
- Role: Security System Administrator
- Locations: Firenze
- Remote status: Hybrid remote