Security Governance Analyst


Posted 8/2/2020

The Security Risk Analyst will work with the Security Governance team to set up and maintain a security risk methodology and continuous assessment of the information security risks of the European Insurance Business. The analyst will be in contact with the different corporate governance and business stakeholders, evaluating the risk and supporting the product team in its decisions. The main activities will be risk assessment, high-level security requirements, and security policy and procedure maintenance and effectiveness analysis.


  • Leads the creation, implementation, monitoring, and maintenance of information security Policies and Standards
  • Implements the Information Security Management System and monitors the adherence of security practices to it
  • Establishes credibility and maintains strong working relationships with groups involved in security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, etc.)
  • Responsible for building and influencing security as a core competency throughout the organization and with our internal teams/partners/vendors
  • Engages with the Businesses and SMEs to ensure compliance with information security policies
  • Ensures that the business objectives are reflected in the information security objectives, policy, and activities
  • Supports ad-hoc data analysis requests
  • Partner with Business and IT points of contact to track and/or develop remediation plans for identified vulnerabilities
  • Review all current and existing vulnerabilities for active and acceptable remediation plans. These plans may be reviewed with, but not limited to, Business points of contact, Application Owners, Data Owners / Custodians or System Administrators
  • Verify that remediation plans are implemented per remediation plan and Information Security guidelines
  • Proactively review and identify any potential gaps that may result in possible audit issues
  • Present key findings, progress, and all issues to leadership on a regular basis and be responsible for influencing the stakeholders to prioritize/execute risk management issues and drive remediation efforts
  • Review all vulnerability scans and penetration test results to identify all security risks and report on findings to appropriate stakeholders
  • Respond to relevant requests received from all stakeholders or representative of stakeholders
  • Provide all necessary reports and presentations on the status of remediation efforts and all gaps and potential obstacles or issues to management and technical staff
  • Performs other related duties incidental to the work described herein and all special assignments as needed or assigned
Technical Knowledge (Tools)

Must have
  • Bachelor’s degree in a computer field
  • 3-5 years of experience and knowledge in Governance positions
  • Information Security Governance Frameworks and Best practices
  • Good English level: B2
  • Flexibility
  • Strong communication skills
  • Can-do attitude
  • Organizational skills
Nice to have

  • CISSP, CISA, CRISC or similar certifications
  • French/Italian

Location: Rome