Information Security Officer

Scope and Purpose

In coordination with the competent Functions of the Head Office, the local ISO is responsible for ensuring the oversight at Branch level of the state of Cybersecurity and Business Continuity defining the objectives for the Cybersecurity and Business Continuity Programs and monitoring compliance with such objectives

Specific accountabilities:

• Ensure at Branch level the adoption of Cybersecurity and Business Continuity policies, guidelines, rules and processes in line with the Head Office regulatory framework
• Responsible for the oversight of the state of information security and cybersecurity
• Ensure that periodic Information flows (e.g. IT security Plan, Business Continuity Plan) are presented to the top management of the Branch and to Head Office
• Works strategically with the Head Office to ensure that all aspects of information security and cybersecurity are properly monitored and that security projects and tasks are properly coordinated
• Identifies and evaluates changes in local regulations, as well as trends in the Information Security and Cybersecurity marketplace, such as new products, new attacks and new countermeasures for applicability inside the Branch’s environment
• Ensure the local execution of Business Continuity activities, including periodical Business Impact Analysis, tests and reporting, in line with Group model
• Monitors and evaluates vulnerability reports, vendor hot-fixes, and vendor patches for applicability to deployed technologies
• Monitors the access control program. Ensure that all appropriate documentation pertaining to the recording of account creations, deletions, and permissions are correctly maintained and approved
• Spread the culture of Cybersecurity and Business Continuity within the Branch, in coordination with the competent functions of Head Office, by defining and executing local annual awareness and training programs

Required Experience

• Minimum 10 years in the information security and cybersecurity environment, preferably in a Financial Institution
• Experience in technology and application development that transitioned into a leading application and information security role
• Experience in developing and delivering Information Security and Cybersecurity awareness programs

Required Qualifications, Skills and Knowledge

• Bachelor’s in computer science, Information Technology or related field
• Master’s degree a plus
• CISSP / CISM certification preferable

• Must display subject matter experience in application security, vulnerability testing and system testing
• Solid background in assuring high level of Information Security management and Business Continuity management in an organization
• I.T./Info/Cyber Security risk management experience and direct participation in related risk management processes, including application risk classification and application control assessments
• Experience in assessing, designing and implementation of cybersecurity controls and solutions
• Experience in dealing with many different teams, at global level, to meet the expected goals
• High seniority and standing, to represent Intesa Sanpaolo Group towards external stakeholders and regulators from cybersecurity and business continuity standpoint
• Knowledge of financial industry products and related IT platforms, a plus
• Fluent English and Turkish