CrawlJobs Logo

Security Governance and Risk Manager

Italy, Rome Employment contract 50000.00 - 65000.00 EUR / Year · Job Posted July 07, 2026
Apply Position
Job Link Share

Job Description

Randstad Digital, a specialized division for IT profiles of Randstad Italia, is searching for a Security Governance and Risk Manager to join a prestigious product company in the energy and oil & gas sector.

Job Responsibility

  • Support all group affiliates in implementing and maintaining approved security standards across IT, operational technology, cloud, and digital environments
  • Translate group security frameworks into clear policies, controls, and procedures, acting as a trusted advisor to senior leadership and local teams
  • Establish the group-wide security risk assessment cycle
  • Monitor affiliate security maturity
  • Support internal and external audit readiness
  • Actively participate in incident response procedures

Requirements

  • Master's degree, preferably in Information Security, IT, or related STEM fields
  • Professional fluency in English (C1 level), well-established in both written and spoken communication
  • Minimum 7 years of experience in information security, with a strong focus on governance, risk, and compliance (GRC)
  • Proven experience in translating security frameworks into actionable policies, procedures, and controls
  • Deep understanding of major international standards and regulations such as NIS2, ISO 27001, NIST CSF, and IEC 62443
  • Strong knowledge of cloud security and modern enterprise platforms, with preferred experience in Azure and Microsoft Defender
  • Solid background in Security-by-Design practices within complex project frameworks and procurement processes
  • Familiarity with risk management frameworks, maturity programs, and security monitoring tools like SIEM, SOC, and ServiceNow
  • Relevant professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer or Auditor are highly preferred

What we offer

  • Flexible working arrangements with a strong focus on well-being, corporate welfare, and work-life balance
  • Performance-based variable bonus of €6,000
  • Corporate canteen on-site
  • €10 meal vouchers for remote days
  • Comprehensive corporate welfare package including supplementary health insurance and wellness services

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Security Governance and Risk Manager

8 matching positions

Information Security Governance, Risk and Compliance Specialist

The Information Security Governance, Risk and Compliance (GRC) Specialist is a s...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable
  • Seasoned experience in information security or related roles
  • Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial
  • Seasoned familiarity with information security frameworks and standards
  • Seasoned understanding of risk assessment methodologies, compliance, and policy development
  • Strong communication and interpersonal skills for effective collaboration
  • Strong attention to detail and ability to follow established processes
  • Seasoned project management skills for coordinating security initiatives
Job Responsibility
Job Responsibility
  • Assists in conducting risk assessments and vulnerability assessments
  • Contributes to the development and maintenance of security policies and procedures
  • Collaborates with internal stakeholders to ensure compliance with industry standards and regulations
  • Participates in security awareness and training initiatives
  • Supports incident response activities and investigations as required
  • Monitors and reports on security compliance metrics
  • Assists in the implementation of security controls and best practices
  • Stays updated with emerging security threats and trends
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Senior Information Security Governance, Risk and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
  • Advanced experience in information security, including GRC-related roles
  • Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Cyber Security Governance, Risk and Compliance Consultant

Accenture’s Security Practice is one of the fastest growing areas of the busines...
Location
Location
Ireland , Dublin
Salary
Salary:
Not provided
accenture.com Logo
Accenture
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Governance, Risk & Compliance (GRC) Subject Matter Expert
  • experience in core compliance activities such as audit preparation, policy reviews, process flow and RASCI development, and third-party risk management
  • expert guidance on industry frameworks such as NIST 2.0
  • experience supporting security governance and risk initiatives
  • experience with integrated GRC operations including governance reviews, risk assessments, compliance monitoring, and contributions to GRC tooling and processes
Job Responsibility
Job Responsibility
  • Ensure all GRC processes, controls, and deliverables align with business and regulatory requirements, validating to-be processes and reviewing solution decisions
  • Lead core compliance activities such as audit preparation, policy reviews, process flow and RASCI development, and third-party risk management
  • Provide expert guidance on industry frameworks such as NIST 2.0, supporting security governance and risk initiatives across the client environment
  • Collaborate with internal and client stakeholders to evaluate options, guide decision-making, and ensure alignment with GRC best practices
  • Support integrated GRC operations including governance reviews, risk assessments, compliance monitoring, and contributions to GRC tooling and processes
What we offer
What we offer
  • comprehensive training covering business, technical and professional skills development
  • opportunities to hone functional skills and expertise in Cyber Security
  • integrated career counselling
  • great opportunities for professional development and rapid advancement
  • Fulltime
Read More
Arrow Right

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Significant progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays
  • increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators)
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays
  • increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in FinTech, Digital Banking, Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Vp - Ai Security & Risk Manager

The Technology department at our client is responsible for creating and continuo...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 175000.00 USD / Year
rennerbrown.com Logo
Renner Brown
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field
  • advanced degree a plus
  • At least 7–10 years of experience in information security, technology risk, or a related field, with a minimum of 3 years focused on AI systems, machine learning security, or AI governance
  • Deep understanding of the AI and LLM landscape, including foundation model architecture, agentic systems, RAG pipelines, and the risk implications of each
  • Hands-on experience evaluating AI platforms and products, including the ability to assess vendor claims about model behavior, data handling, and security controls with appropriate skepticism
  • Familiarity with AI risk frameworks and emerging standards, including NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and ISO/IEC 42001
  • Experience with vendor risk management in a regulated financial services environment, including contract negotiation support and third-party security assessments
  • Knowledge of relevant regulatory frameworks including DORA, SOX, SEC cybersecurity disclosure rules, and GDPR/CCPA as they apply to AI data flows
  • Strong technical skills sufficient to evaluate AI system architecture, API security, data pipeline design, and access control models without reliance solely on vendor documentation
  • Excellent communication skills, with the ability to translate highly technical AI risk concepts into clear, decision-ready language for senior leadership, Legal, and Compliance
Job Responsibility
Job Responsibility
  • Own and maintain the firm's AI risk framework, covering model risk, data privacy, adversarial threats, third-party AI, and regulatory compliance
  • Develop and enforce AI usage policies in collaboration with Legal and Compliance, including acceptable use, data classification requirements, and prompt handling standards
  • Maintain an inventory of AI tools deployed firm-wide — both sanctioned and shadow — and assess associated risk profiles
  • Provide regular AI risk reporting to the Head of Technology Risk and senior leadership, including emerging threat trends, vendor posture changes, and control gaps
  • Monitor the evolving regulatory environment for AI (EU AI Act, SEC guidance, DORA, NY DFS) and advise on compliance obligations and required controls
  • Lead security and risk assessments of vendors introducing AI capabilities into existing or new platforms, including evaluating model transparency, data handling practices, and auditability
  • Develop and maintain a structured AI vendor evaluation framework, incorporating criteria for model governance, output reliability, data residency, and incident response obligations
  • Partner with Procurement and Legal to ensure AI-specific provisions are reflected in vendor contracts, including data usage restrictions, model change notifications, and liability terms
  • Maintain a tiered risk register of third-party AI integrations, with ongoing monitoring for material changes to vendor AI functionality, architecture, or ownership
  • Engage directly with vendor security and product teams to assess AI-related controls and drive remediation of identified gaps
  • Fulltime
Read More
Arrow Right

It Infrastructure & Security Governance Manager

We are partnering with a highly established international business operating wit...
Location
Location
Switzerland , Zurich
Salary
Salary:
120000.00 - 130000.00 CHF / Year
signifytechnology.com Logo
Signify Technology
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Define, implement, and maintain IT governance frameworks, policies, and standards aligned to recognised security frameworks such as ISO 27001, NIST CSF, and SOC 2
  • Lead IT risk management activities and support internal and external audit processes
  • Oversee hybrid infrastructure and cloud security architecture, including networks, servers, endpoints, and Microsoft cloud environments
  • Manage identity and access governance across Active Directory and Microsoft Entra ID environments
  • Coordinate security monitoring, vulnerability management, and incident response activities alongside external security providers
  • Support business continuity and disaster recovery planning initiatives
  • Oversee data classification and data protection controls across the organisation
  • Act as a key point of coordination between governance, operational IT teams, and third-party vendors
Job Responsibility
Job Responsibility
  • Define, implement, and maintain IT governance frameworks, policies, and standards aligned to recognised security frameworks such as ISO 27001, NIST CSF, and SOC 2
  • Lead IT risk management activities and support internal and external audit processes
  • Oversee hybrid infrastructure and cloud security architecture, including networks, servers, endpoints, and Microsoft cloud environments
  • Manage identity and access governance across Active Directory and Microsoft Entra ID environments
  • Coordinate security monitoring, vulnerability management, and incident response activities alongside external security providers
  • Support business continuity and disaster recovery planning initiatives
  • Oversee data classification and data protection controls across the organisation
  • Act as a key point of coordination between governance, operational IT teams, and third-party vendors
  • Fulltime
Read More
Arrow Right