Security GRC officer

• Develop and maintain security policies, standards, and frameworks in line with industry best practices (e.g., ISO 27001, NIST, PCI-DSS)
• Ensure alignment of security governance with regulatory and business objectives
• Work closely with internal and external auditors to support compliance audits and assessments
• Identify, assess, and mitigate security risks across IT and business functions
• Conduct risk assessments and implement control measures to protect critical assets
• Develop and maintain the bank's risk register, ensuring timely reporting and risk mitigation
• Collaborate with stakeholders to improve the bank's security risk posture
• Ensure compliance with local and international banking regulations (e.g., GDPR, PSD2, SWIFT CSP)
• Monitor changes in security regulations and implement necessary policy updates
• Conduct security awareness programs and training for employees
• Manage security incidents, investigations, and reporting in line with regulatory requirements

• Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field
• Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor/Implementer are highly preferred
• Strong knowledge of regulatory requirements, risk frameworks, and control methodologies
• Experience with third-party/vendor risk assessments and audit processes
• Excellent analytical, communication, and problem-solving skills
• Languages: Italian, English (German is a plus)

German language skills