Key Interface Internal-External:
Key Process Owners, ISMS stakeholders and committee, IT services and Managers, external consultant;
Purpose:
Supervise compliance with ISMS requirements within Technological and Application activities
Main Responsibilities:
- participate in setting up the information security management system (ISMS) as defined and authorized by the management of the DL Group, acquiring full responsibility and autonomy over time;
- participate in the evaluation of the areas/processes defined by the company priorities, to identify the critical issues related to the impact on the business and to the vulnerability of information caused by organizational deficiencies or by defects in software, hardware or infrastructure that could expose the company to a security breach;
- propose security measures and/or policies for passwords, firewalls and intrusion detection systems in order to keep the defined and implemented measures adequately effective;
- contribute to ensuring the continuity of the ISMS, establishing and applying the security policies defined and authorized to protect sensitive information from unauthorized and/or unaware by the organization;
- ensure the effectiveness of existing security measures, such as firewalls, password policies and intrusion detection systems, and make recommendations to improve security based on their assessments and knowledge of current and emerging threats;
- propose and contribute to implementing training and awareness programs for employees to reinforce the importance of information security; provide evidence of good practice and explain the risks of inadequate security practices;
- examine and approve, with regard to the ISMS aspects, rules and procedures and/or their changes implemented by the process owners, to ensure that the resulting level of risk complies with the policies defined for each criticality level and tolerable risk level;
- transfer within the Group, based on the priorities set by the Company's Management, the best practices implemented, in order to make the ISMS homogeneous within the Group;


Qualifications, Knowledge:
- degree in computer science or engineering; knowledge of the IT world and its topics;
- knowledge of risk assessment methodologies, ability to perform a risk assessment independently and to identify the appropriate technical or organizational solutions for risk mitigation;
- knowledge of auditing techniques to set periodic assessment plans on IT and information security;
- knowledge of the primary OSs, domains, networking services and e-mailing systems;
- knowledge of network architectures and in particular of security measures in networking (firewalling, routing, etc.);
- knowledge of privacy legislation 196/03 and its implications in the IT world;
- knowledge of the 27001:2013 standard;
- knowledge of data security & protection solutions, encryption;
- interest in and curiosity about sector regulations;
Skills, Capabilities, Competencies:
- excellent knowledge of spoken and written English;
- analytical and problem-solving skills;
- communication and presentation skills to contribute to the understanding and awareness of information security problems throughout the organization;
- good interpersonal skills and ability to act as a team player;
- autonomy in the selection and presentation of value-added solutions;
- ability to read and interpret the results of a vulnerability assessment and penetration test, so as to identify the actions to be taken.



© De'Longhi Group 2019