Assicurazione online per auto e moto del Gruppo Admiral
Vai al sito

Posizioni Aperte

Security Governance Specialist

Business Support Area~IT

The Security Governance Specialist will be responsible for developing, implementing and maintaining an Information Security Framework, in line with the ISO27001 and NIST CyberSecurity Framework, that allow the company to comply with the security requirements while doing business in a secure way. As part of the Security Framework, a key focus will be on mentantiance of the Business Continuity Model, supporting on BIA and on the BCP.


  • Implements the Information Security Management System and monitors the adherence of security practices to it
  • Leads the creation, implementation, monitoring, and maintenance of information security Policies and Standards
  • Manage and coordinate the Business Continuity Framework:
  1. Define the annual plan of Business Continuity Activities;
  2. Execute the Business Impact Analysis
  3. Identify the BC scenarios
  4. Define the BC recovery plan
  5. Coordinate with IT teams the execution of DR test
  6. Review and update the BC Plan
  • Establishes credibility and maintains strong working relationships with groups involved in security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, etc.)
  • Responsible for building and influencing security as a core competency throughout the organization and with our internal teams/partners/vendor
  • Engages with the Businesses and SMEs to ensure compliance to information security policies
  • Ensure that the business objectives are reflected in the information security objectives, policy, and activities
  • Supports ad-hoc data analysis requests
  • Partner with Business and IT point of contacts, to track and/or develop remediation plans for identified vulnerabilities
  • Review all current and existing vulnerabilities for active and acceptable remediation plans. These plans may be reviewed with but not limited to Business point of contacts, Application Owners, Data Owners / Custodians or System Administrators. 
  • Verify that remediation plans are implemented per remediation targets and Information Security guidelines. Proactively review and identify any potential gaps that may result in possible audit issues
  • Present key findings, progress, and all issues to leadership on a regular basis and be responsible for influencing the stakeholders to prioritize/execute risk management issues and drive remediation efforts 
  • Review all vulnerability scans and penetration tests results to identify all security risks and report on findings to appropriate stakeholders
  • Respond to relevant requests received from all stakeholders or representative of stakeholders
  • Provide all necessary reports and presentations on the status of remediation efforts and all gaps and potential obstacles or issues to management and technical staff
  • Performs other related duties incidental to the work described herein and all special assignments as needed or assigned

Must to have

  • 5 years of experience and knowledge in similar positions
  • Bachelor’s degree in a computer field
  • Information Security Governance Frameworks and Best practices
  • High English level
  • ISO27001 or other relevant Security Certification

Nice to have

  • CISSP, CISA, CRISC, ISO27001 or similar certifications
  • ISO22301

Why Conte? is a place where you can be yourself and get reward and recognition, here we want to share with you how:

  • We adapted our performance management to Agile at scale. It means frequent feedback and peer recognition. We have been breathing Agile for 5 years because it fits with our culture, not for market trends
  • We converted our career path to Agile Manifesto principles: Welcome change over following a plan. It means that we have very flexible career opportunities in line with your potential and expectations because we truly welcome change
  • People over Process: you can live in a long term journey in a primary online insurance and certified Great Place to Work
  • Way of Working: we work hybrid 3 days per week according to our smart working policy in brand new and safe offices near Virgin Gym and Shopping Center
  • Innovation: We dedicate a space on cadence for Innovation and we welcome the test & learn approach
  • International: We work together hybrid with spanish, indians and many other internationals of the Admiral Group family
  • Join Meetup and practice as a speaker if you are passionate about technology and agility. We love continuous learning and quality
  • Contribute to our Release process and DevOps pipeline
  • Learn Amazon Web Services if you are interested in increasing your technical knowledge.
  • Enjoy our benefits (Admiral shares, discounts, welfare and wellbeing to be happy in ConTe, because people who like what they do, do it better!)

Location: Rome