I define and implement Data Protection solutions in line with business objectives, in compliance with standards, legal regulations and sector regulations. I lead the company to reach and maintain the ISO27001 and ISO22301 certification, PCI-DSS, and to comply with GDPR requirements. I define the security and continuity impacts on the processes and services provided due to new regulatory requirements, reorganizations, technological changes.

Roles: Data Protection Officer (DPO), Information Security Manager (ISM), Business Continuity Manager (BCM), Project Manager (PM), Auditor

Areas of expertise: Banking (e-money and payments, private banking, retail), Insurance, ICT services, After-sales services, Industry, Telco, Public Administration, Logistics.

Security Lab Advisory (Lugano)

Senior Advisor, DPO
Security Lab Advisory (Lugano)
Sep 2017 - Present
Lugano

Information Security activity:
• Preparation for ISO27001 certification.
• Planning and implementation of the ISMS in compliance with the ISO27001 standard.
• Compliance with FINMA requirements related to IT operational risks and service outsourcing.
• Drafting of security policies and procedures.
• Internal audit on the effective application of security controls.
• Measurement of safety objectives through specific KPIs.
• Risk Analysis and updating of the Risk Treatment Plan.
• Preparation for ISMS review.

DPO activity:
• Verification of compliance with EU Regulation 2016/679
• Periodic update on personal protection regulations
• Support in drafting the contents of the information to the data subjects, Privacy policies, Records of processing activities and the Impact Analysis (DPIA)
• Periodic audits
• Periodic reports to the management

Privacy - Compliance with EU Regulation 2016/679 (GDPR) activity:
• Gap analysis and GDPR adjustment plan
• Definition of roles and responsibilities in the treatment of personal data.
• Determination of the content of contracts with suppliers / outsourcers.
• Risks Analysis associated with the processing of personal data
• DPIA (Data Protection Impact Assessment).
• Content of the Records of processing activities and definition of the maintenance process
• Disclosures, consents, appointments of managers and authorized processors
• Review of security policies and procedures relating to privacy aspects.
• Introduction of the principle of Privacy by design and Privacy by default in the life cycle of information systems.
• Definition of the Data Breach process.
• Definition of the process for managing the exercise of the rights of the interested party.
• Definition of the Personal Data Protection Management System.

Preparation of contents for the training of those authorized to process.

Main companies in which I worked: April Italia, Banca Arner, COREPLA, equensWorldline, Wellcomm Engineering

Information Security & Business Continuity Consultant
Equensworldline
Mar 2012 - Dec 2016
Milan

Main activities in Information Security:
• ISMS planning and implementation, in compliance with the ISO27001 standard.
• Writing the security policies and procedures.
• Measurement of the security objectives by specific KPIs.
• Risk analysis review and Risk treatment plan update.
• Preparation of the certification/renewal of the ISO27001 standard.
• Adding the PCI-DSS requirements to the security controls and support for the certification.

Main activities in Business Continuity:
• BCMS planning and implementation, in compliance with the ISO22301 standard and the guidelines / circulars of Banca d’Italia and DNB.
• Business Impact Analysis review, Risk Impact Analysis, BC Plan, DR Plan, BC Test Plan.

Main activities concerning Privacy:
• Periodic checks of compliance with regulatory requirements on privacy.
• Privacy policy and procedures
• Checking for new personal data processes, or changes to existing processes.
• Data classification
• Incident management
• Risk assessment
• Documentation for training of the employees on personal data processing and security awareness.
• Log management
• Control of the system engineers’ activities (prov. 27 November 2008).

Project Manager - Information Security & Risk Management
Beta 80 Group
Jul 2006 - Jan 2012
Milan

• Preparation for the ISO27001 standard certification.
• Privacy: writing the Security Policy Document, Records of processing activities, Risk Analysis, roles and responsibilities, privacy policy and procedures, data classification, incident management, log management, security controls, information and consent, checking the security clauses in the supplier contract, system administrators' activity control.
• Data Retention management: retention of data relating to the professional activity carried out by employees, in accordance with the Data Protection law. It includes:
• Log Management.
• Security Dashboard.
• Writing the Security Policies.
• Risk Assessment.
• System strong authentication (RSA).

Main companies in which I worked: Danieli, Equens, i-Faber, IPZS, T-Systems, Vodafone

Project Manager - Information Security & Risk Management
Prismasec Italia
Mar 2004 - May 2006
Milan

• Privacy: writing the Security Policy Document, Records of processing activities, Risk Analysis, roles and responsibilities, security controls, information and consent, checking the security clauses in the supplier contract, system administrators' controls.
• Business Impact Analysis, Business Continuity Plan, in compliance with the guidelines of Banca d’Italia.
• Audit on contracts concerning outsourcing ICT services.

Main companies in which I worked: ASL C Roma, Banca BSI, Comune di Piacenza, Deborah, Fedon, SDF-Same

Software Analyst
B-Source Sa
Jun 2001 - Feb 2003
Lugano-Ch

• Development and maintenance of THE BOSS banking information system in the Retail area.

PM Information Systems
Atos Origin
Jan 1992 - May 2001
Milano

• Information System Post-sales technical support concerning consumer electronics products.
• Information System for the Call Center.
• Customer Database for marketing and customer services.
• Migration and downsizing of information systems.
• Information System of the Custodian Bank.
• Payment Systems.
• Central Credit Information System.

Main companies in which I worked: Deutsche Bank, Enidata, Philips Electronics, SIA, Whirlpool

Project Manager - Information Systems
Philips Benelux
Jan 1990 - Dec 1991
Milano

• Information System Post-sales technical support concerning consumer electronics products.

Software Analyst
Artsana Group
Feb 1972 - Apr 1989
Como Area, Italy

• Customizing the ERP system for managing the sales cycle of finished goods, and the company's distribution network.
• Information system for the deposit warehouses.
• IBM mainframe System Operator.

Fernando Rossi Skills
Fernando Rossi Education Details
-
Information Security & Privacy -
Information Security Manager -
Process Innovation Manager -
I.P.S.I.A. Leonardo Da Vinci - Como: Professional Diploma for “Mechanical Industry Technician”
Cefriel - Politecnico Di Milano: Data Protection Officer Module
Frequently Asked Questions about Fernando Rossi
What company does Fernando Rossi work for?
Fernando Rossi works for Security Lab Advisory (Lugano)
What is Fernando Rossi's role at the current company?
Fernando Rossi's current role is Senior Advisor, Data Protection Officer (DPO), Information Security & Business Continuity consultant.
What schools did Fernando Rossi attend?
Fernando Rossi attended Politecnico Di Milano, Mip-Politecnico Di Milano, Mip-Politecnico Di Milano, I.p.s.i.a. Leonardo Da Vinci - Como, Cefriel - Politecnico Di Milano.
What are some of Fernando Rossi's interests?
Fernando Rossi has an interest in Theatre, Basketball, Promoting Youth Sports, Organizing Meetings.
What skills is Fernando Rossi known for?
Fernando Rossi has skills like ISO 27001, ISO 22301, Regulation EU 2016/679, Information Security, ISMS, Business Continuity, Disaster Recovery, BCMS, Guidelines of Banca d'Italia on Business Continuity, Privacy, Regolamento UE 2016/679, D.Lgs. 196/2003.