Setting up Group Security Governance from scratch, starting from maturity assessment and benchmarking to determine Security Strategy, 3YP and its deepening in security annual operational plans, including Capital budgeting and sustainability evaluation including capacity. Implementation of Security Governance strategy has included, amongst the others: - definition and implementation of security processes (both for governance and operations), integrated controls / KPI model and executive dashboarding; information flows for BoDs and steering of supervision response and certification processes.- end-to-end coordination of specific initiatives at Group level, designing the strategy and related implementation in terms of operational processes and technology, such as Data Classification, Security Awareness & Upskilling and the 3Y Enterprise Digital Identity Program.- Definition and set up of Group Fraud model and Security TPRM.Moreover, I am covering also the A.I. Role of Head of Security Operations in Allitude since its foundation (Jan 2020), with the opportunity for building organizational & operational model, operational processes and teams implementing the Group Security Governance Strategy and leading Security Operations transformation initiatives. I currently manage >40 resources, of which 20 employees (CCB/Allitude) and more than 20 consultants. Being the representative of Security at Group level, I have the responsibility to coordinate with Group functions and Group LEs (>80) and be the reference for Authorities and external relations for Security topics.

Following Group Security Governance strategy, setting up and implementation of Allitude Cybersecurity foundation and transformation strategy, that included: - Organizational review, in terms of operational processes consolidation, people & resource management.- Strategy for technologies consolidation and evolution.- Initiation and coordination of specific Cybersecurity programs, such as Endpoint Protection, Cyberdefense, System & Infrastructure, Fraud Management and Vulnerability Management, implementation of Group strategy and model for 3Y Enterprise Digital Identity Program.

In charge of define and oversee the Cyber Security and IT Risk plans (Strategic plan and masterplan)In charge of IT Risk Management (ongoing services, new initiatives, outsourcing and cloud) and of, oversee the evolution of the risk management model.In charge of all security service design for the business initiatives according with risk analisys results.Coordinator of the "IT security operation" round tables for outsourcing contracts of managed security services.In charge of IT Security Framework definition and related improvement activity for three legal foreign entities (Cyber Security, IT Risk and Data Protection).Presently I manage 7 FTE and 8 FTE allocated on three projects.

Definition and monitoring the Bank of Italy "Circolare n°263" Cap 8.program.Definition of IT Risk Management program.Definition and implementation of Information Security Management System (ISMS/SGSI).Definition of Security Policy & StandardAnalisys of ECB (BCE) and Bank of Italy security regulations and privacy.Desired vs current state analisys & security program management.

Security Control Objective process.Regulartory Compliance ProjectsInformation Security Framework & Master Plan securityRisk Assessment & Treatment PlanSecurity Project Management.Team leading.

During area transformation for outsourcing project:Definition and reengineering of the Security Service Management Proceses, based on ITIL v3, CMMI and ISO27001(SGSI).- Event & SOC, Security Incident, Security & Risk Management, Change, Service Continuity, , Security IT Operation.

- Security Project Management.- Security Products and Policy.- Disaster Recovery.- Developed Internet firewall security model, requirements, and design - Developed Intrusion prevention security model, requirements, and design- Wireless IPS- Developed secure remote administration solution using IPSec VPN LDAPs

- Windows NT administrator- Network administration- Unix mail server administrator