It looks like you are in United States. Would you like to go to https://onsiter.com/us/ instead?
Podría estar disponible
(Actualizado 2020-09-23.)IT Security Expert
Milano, MI, Italia
Nativo Italian, Intermedio English, Spanish, Principiante French
- Information Classification
- Risk Management
- Project Management
Habilidades (33)
NIST
GANTT
RISK ASSESSMENT
Risk Management
SECURITY POLICIES
ISO 27001
GOVERNANCE
SECURITY DOCUMENTATION
DOCUMENTATION
BUDGET
ISO
COBIT
INFORMATION SECURITY
REGULATORY COMPLIANCE
BEST PRACTICES
DATA PROTECTION
BUSINESS CONTINUITY
BLUEPRINT
MARKETING DEPARTMENT
BALANCE SHEET
GAP ANALYSIS
DISASTER RECOVERY
REMEDIATION
BUSINESS MANAGEMENT
CUSTOMER RELATIONSHIP MANAGEMENT
Marketing
APPLICATION TESTING
Supply Chain Management
SUPPLY CHAIN
CRM
TELCO
EXCHANGE
HEALTHCARE
Experiencia profesional
IT SECURITY EXPERT & INFORMATION CLASSIFICATION
Bayer HealthCare
2020-09 - Presente
Manufacturing
Security Expert with more than 5 year of experience. I'm currently working as Project/Security
Manager in order to provide the implementation of the processes in these areas:
◦ Identity and Access Management;
◦ IT Change & LifeCycle Managemt;
◦ Business Continuity & Disaster Recovery Management;
◦ Infrastructure & Platform Security;
◦ Risk Management;
◦ Governance and Compliance;
◦ IT & Asset Management;
◦ Monitoring & Event Management;
◦ Service Management;
◦ Third Party Management;
◦ Information Classification Framework;
◦ Manage IT Audit for the Security prospective.
Major tasks and responsibilities:
◦ Brings together key security and risk stakeholders to develop and review enterprise
security and risk strategies;
◦ Monitors regulatory compliance with enterprise security policies and educates business
unit leaders and service managers on compliance efforts;
◦ Creates an information security awareness program to customize communication tools
and campaigns for the Site;
◦ Set up and maintain local information classification processes and ensure the ongoing
identification of protection needs;
◦ Ensure compliance to information security and IAM policies. Manage and register
approvals as well as exceptions and handle escalations;
◦ Coordinates business continuity planning efforts across Functions at the Site;
◦ Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments;
◦ Sets usage and security policies for information sharing on internal and external
platforms;
◦ Understands "voice of the customer" and develops mechanisms to proactively sense
adoption and usage patterns of consumer technologies by end users so that policy can
align with need;
◦ Develop and direct implementation of security standards and best practices for the organization.
Milano, Italy
Security Expert with more than 5 year of experience. I'm currently working as Project/Security
Manager in order to provide the implementation of the processes in these areas:
◦ Identity and Access Management;
◦ IT Change & LifeCycle Managemt;
◦ Business Continuity & Disaster Recovery Management;
◦ Infrastructure & Platform Security;
◦ Risk Management;
◦ Governance and Compliance;
◦ IT & Asset Management;
◦ Monitoring & Event Management;
◦ Service Management;
◦ Third Party Management;
◦ Information Classification Framework;
◦ Manage IT Audit for the Security prospective.
Major tasks and responsibilities:
◦ Brings together key security and risk stakeholders to develop and review enterprise
security and risk strategies;
◦ Monitors regulatory compliance with enterprise security policies and educates business
unit leaders and service managers on compliance efforts;
◦ Creates an information security awareness program to customize communication tools
and campaigns for the Site;
◦ Set up and maintain local information classification processes and ensure the ongoing
identification of protection needs;
◦ Ensure compliance to information security and IAM policies. Manage and register
approvals as well as exceptions and handle escalations;
◦ Coordinates business continuity planning efforts across Functions at the Site;
◦ Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments;
◦ Sets usage and security policies for information sharing on internal and external
platforms;
◦ Understands "voice of the customer" and develops mechanisms to proactively sense
adoption and usage patterns of consumer technologies by end users so that policy can
align with need;
◦ Develop and direct implementation of security standards and best practices for the organization.
Milano, Italy
SECURITY CONSULTING CONSULTANT
Accenture
2020-09 - 2020-09
Security consulting consultant with more than 4 year of experience in these fields:
◦ Risk Management;
◦ Security by Design;
◦ Governance and Compliance;
◦ Client Data Protection;
◦ Cyber Risk;
◦ Data Breach
Last Project for Italian Primary Bank: My role was to define a cyber operating protocol on a data breach scenario that includes 3 areas:
- Engagement of Comitato di Crisi and Unità di Emergenza
- Define business continuity solution
- Communication Framework.
- Prepared a G7 simulation that involved all important bank e Banca d'Italia. The simulation
consist in a financial collapse due to a cyber attack of the European financial sector.
Other Project: Manage and define a framework of second level controls in the cyber risk
area; define Key Risk Indicator (KRI) based on NIST Standard, cross to all Cyber Security
enviroment, to define an ad hoc process of monitoring the bank.
Other Project: Defined and implemented a Security By Design Framework
Milano, Italy
◦ Risk Management;
◦ Security by Design;
◦ Governance and Compliance;
◦ Client Data Protection;
◦ Cyber Risk;
◦ Data Breach
Last Project for Italian Primary Bank: My role was to define a cyber operating protocol on a data breach scenario that includes 3 areas:
- Engagement of Comitato di Crisi and Unità di Emergenza
- Define business continuity solution
- Communication Framework.
- Prepared a G7 simulation that involved all important bank e Banca d'Italia. The simulation
consist in a financial collapse due to a cyber attack of the European financial sector.
Other Project: Manage and define a framework of second level controls in the cyber risk
area; define Key Risk Indicator (KRI) based on NIST Standard, cross to all Cyber Security
enviroment, to define an ad hoc process of monitoring the bank.
Other Project: Defined and implemented a Security By Design Framework
Milano, Italy
SECURITY ANALYST
Accenture S.p.A
2020-09 - 2020-09
Security Analyst in Accenture with more than 2 years experience in different Security areas.
I worked on a project for an important Italian Banking Groups where I'm conducting:
◦ PM Project:
◦ - organize my work with proper management tools;
◦ improve and automate activities;
◦ produce assigned deliverables autonomously and efficiently;
◦ prepare documentation/deliverables concerning meetings and activities in time and in efficient way;
◦ identification of a security controls and processes to implement a data center based on
Microsoft Azure in cloud;
◦ Iniziative 'Enterprise Technology BluePrint' related to the Banking Platforms: I
developed knowledge and skills about various security topics to be autonomously re-
used on future similar projects. I provided a framework for understanding disparate
design and process considerations of each platforms and I organized architecture and actions toward improving enterprise security
◦ Remediation Plan for a new Infrastructure based on CA Privileged Access Manager
Solution.
I worked on a project for an important Telco Company where I conducted:
◦ Security Client Data Protection: Security requirements to apply at the Services (e.g.
Infrastructure/Application Testing or Development/Production Support/
Consulting) provided by Accenture to the client.
I worked on a project for another important Italian Banking Groups where I conducted:
◦ Analysis and evaluation of IT Risks (in accordance to Circ. 263/06 and Circ. 285/13) to
better identify the security measures to be implemented and to ensure the confidentiality, integrity and availability of business and client information (in accordance with Information Risk Assessment Methodology);
◦ Development of client security documentation, in accordance with internal and external
I worked on a project for an important Italian Banking Groups where I'm conducting:
◦ PM Project:
◦ - organize my work with proper management tools;
◦ improve and automate activities;
◦ produce assigned deliverables autonomously and efficiently;
◦ prepare documentation/deliverables concerning meetings and activities in time and in efficient way;
◦ identification of a security controls and processes to implement a data center based on
Microsoft Azure in cloud;
◦ Iniziative 'Enterprise Technology BluePrint' related to the Banking Platforms: I
developed knowledge and skills about various security topics to be autonomously re-
used on future similar projects. I provided a framework for understanding disparate
design and process considerations of each platforms and I organized architecture and actions toward improving enterprise security
◦ Remediation Plan for a new Infrastructure based on CA Privileged Access Manager
Solution.
I worked on a project for an important Telco Company where I conducted:
◦ Security Client Data Protection: Security requirements to apply at the Services (e.g.
Infrastructure/Application Testing or Development/Production Support/
Consulting) provided by Accenture to the client.
I worked on a project for another important Italian Banking Groups where I conducted:
◦ Analysis and evaluation of IT Risks (in accordance to Circ. 263/06 and Circ. 285/13) to
better identify the security measures to be implemented and to ensure the confidentiality, integrity and availability of business and client information (in accordance with Information Risk Assessment Methodology);
◦ Development of client security documentation, in accordance with internal and external
INGEGNERE GESTIONALE - Studio Tecnico Ingegneria - Ligorio Arcangelo
2020-09 - 2020-09
Project Management for Request For Proposal:
◦ Program Governance;
◦ AS IS analysis;
◦ Support documentation request;
◦ Gap Analysis
◦ Preparation of documentation for the request for proposal;
◦ Economic offer preparation;
◦ Preparation of technical offer;
◦ Definition of the proposed solution (TO BE);
◦ Definition of the proposed approach;
◦ Definition of Activities and Deliverables (Project Gantt Preparation);
◦ Preparation of the work plan; -
◦ Organization of the project team;
◦ Definition of monitoring activities.
Budget Management:
◦ preparation of the budget;
◦ budget definition;
◦ preparation of the balance sheet.
◦ Program Governance;
◦ AS IS analysis;
◦ Support documentation request;
◦ Gap Analysis
◦ Preparation of documentation for the request for proposal;
◦ Economic offer preparation;
◦ Preparation of technical offer;
◦ Definition of the proposed solution (TO BE);
◦ Definition of the proposed approach;
◦ Definition of Activities and Deliverables (Project Gantt Preparation);
◦ Preparation of the work plan; -
◦ Organization of the project team;
◦ Definition of monitoring activities.
Budget Management:
◦ preparation of the budget;
◦ budget definition;
◦ preparation of the balance sheet.
WEB MARKETING
2020-09 - 2020-09
H2e Servicios Publicitarios
COMPUTER SYSTEMS DESIGNER AND ANALYST
Consiglio Nazionale delle Ricerche
2020-09 - 2020-09
(CNR)
Trainee in healthlab of Consiglio Nazionale delle Ricerche of Naples for the development of android application for smartphone (support of nevus monitoring).
www.icar.cnr.it via Pietro Castellino,111, Napoli, Italy
Trainee in healthlab of Consiglio Nazionale delle Ricerche of Naples for the development of android application for smartphone (support of nevus monitoring).
www.icar.cnr.it via Pietro Castellino,111, Napoli, Italy
www.accenture.com
2013-01 - 2013-01
security documentation (policies, guidelines, processes, etc.).
www.accenture.com Via Quadrio, Milan, Italy
www.accenture.com Via Quadrio, Milan, Italy
take Spanish course and internship
Lifelong Learning Programme
2013-01 - 2013-01
Leonardo Da Vinci. Three months in Seville (Spain) to take Spanish course and internship at the company H2E Servicios Publicitarios, for designing web page marketing online and web
marketing. During this time, I was part of the Marketing Department, responsible for the implementation of projects in different areas:
◦ Creating content for social media (videos, new articles related to the products, write articles..);
◦ Research and development of web content for car rental;
◦ Develop SEO texts (geographical segmentation/market) for the company's website;
◦ Look in the forum design information to attract potential customers or followers;
◦ Collaboration in the development of the technology project. The project at the moment is private and is under development (SEODISTAS);
◦ Application Android with list and detail of item to sell;
◦ Courses google on Digital Marketing, Web Analytics and Ecommerce.
http://www.h2e.es/ Seville, Spain
marketing. During this time, I was part of the Marketing Department, responsible for the implementation of projects in different areas:
◦ Creating content for social media (videos, new articles related to the products, write articles..);
◦ Research and development of web content for car rental;
◦ Develop SEO texts (geographical segmentation/market) for the company's website;
◦ Look in the forum design information to attract potential customers or followers;
◦ Collaboration in the development of the technology project. The project at the moment is private and is under development (SEODISTAS);
◦ Application Android with list and detail of item to sell;
◦ Courses google on Digital Marketing, Web Analytics and Ecommerce.
http://www.h2e.es/ Seville, Spain
Formación académica
Master Degree in Management Engineering in ICT
Università degli studi di Modena e Reggio Emilia
2020-09 - 2020-09
EPF Ecole d'Ingénieur
EPF Ecole d'Ingénieur
2020-09 - 2020-09
Bachelor's degree in Engineering Management in Information Area
Università degli studi di Napoli Parthenope
2020-09 - 2020-09
Certificaciones
Lead Auditor ISO/IEC 27001: An information security management system (ISMS) standard
(ISMS)
Lead Auditor ISO/IEC 27001: An information security management system
published by the International Organization for Standardization. It ensures the preservation
of confidentiality, integrity and availability of information. It covers every aspect of
information security and stresses the importance of risk management
Prince2 Foundation and Practitioner
Cobit5 Foundation