Head of IT / cybersecurity / internal audit

Gia*** ***** (XX years old)
Senior IT Manager at EY
Università degli studi di Padova
Albignasego, Veneto
Experience
Senior IT Manager
EY
Aug 2010 - Present
• Perform application and infrastructure security assessments and remediation plans;
• IT process quality reviews and experience with PCAOB quality reviews;
• Redesign the approach to cybersecurity, improving the maturity level of business processes and IT operations, introducing new processes and responsibilities and optimizing cost vs. effectiveness of security solutions;
• Lead implementation and/or optimization of the Security Development Life Cycle (SDLC), traditional and agile approaches, for multiple clients. Managed change management, logical access and IT operations in complex ERP implementations (SAP, Oracle, MS Dynamics);
• Security Operation Center (SOC) implementation review; Cloud security assessment;
• Data protection assessment, Cloud security assessment and Business continuity plan assessment;
• IT assessments; Segregation of Duties assessment; Compliance/Maturity assessment (NIST, OWASP, ISF, ITIL, GDPR, ISO 27001, SOX);
• Execute advanced scenario-based red team assessments designed to evaluate an organization's ability to prevent, detect and respond to sophisticated cybersecurity attacks;
• Lead internal audit co-source engagements for Fortune 500 companies;
• Part of the leadership team of the Center of Excellence for Robotic Process Automation (RPA) for the EY North East region in the USA;
• Lead new opportunity, findings and recommendations meetings with CEOs, CFOs and CIOs;
• Manage up to 30 people including an offshore team, coordinating budget, activity schedule and deliverables;
• Counsel and mentor junior consultants and managers, building high-performance teams to manage, implement and streamline complex IT projects;
• Consistently outperform profitability targets in all accounts.

• Redesigned and implemented information security and risk management processes for several companies to improve their cybersecurity maturity level, reducing risks and enabling effective recovery in the face of a security incident, at an optimized cost;
• Supported a large international group (operating in Europe, the USA and China) in launching a new ERP system to overcome technology lock-in issues and reduce maintenance costs. Main role in the engagement was to define the implementation strategy (moving from 3 legacy applications to 1 advanced ERP), identify the security requirements, segregation of duties and quality assurance, and manage the change management phase to ensure a successful launch. Overall saving for the client was 900 K $/year in license costs;
• Helped clients restore compromised systems after hacker attacks through collaboration with external stakeholders (network supplier, investigation authorities). Led a security task force to identify data breach impacts, investigate causes and define quick wins as well as long-term solutions to restore safety;
• Introduced a safety management solution integrated with wearable RFID tags to make safety checks more efficient in specific high-risk work areas. The solution reduced the avoidance of safety requirements and the FTE (-50%) dedicated to daily security checks;
• Supported 2 big clients in completely redesigning their IT processes following the ITIL v3 framework, including people, catalog of services and service levels. Objectives were aimed at reducing costs and optimizing processes (redesign of the organization, KPIs, supporting tool selection and rollout);
• Led several penetration tests and vulnerability assessments at network, mobile and application level, utilizing several approaches such as black box, white box and grey box. Social media assessment and cyber strategy assessment;
• Led risk assessment activities for Global Fortune 500 clients (more than 15) dealing with different standards and requirements: 1) local laws as well as privacy requirements; 2) SOX/J-SOX; 3) PCI DSS; 4) ISAE 3402 certification for operations management of an IT data center; 5) COBIT and COSO frameworks; 6) ISO 27001 (information security) and BS 25999 (business continuity) standards;
• Implemented a Data Loss Prevention (DLP) system to protect intellectual property across the overall mail system, sales force computers and enterprise storage network for a fashion retail company. The project was very delicate due to previous leakage of business information and product prototypes. Activities included: sensitive data mapping (in motion, at rest and in use), rule setting for the DLP system, definition of key risk indicators (KRIs). The system was effective in identifying fraudulent activities and those responsible, and was deployed over 1000 user devices/laptops.
Consultant
Accenture
Mar 2008 - Aug 2010
• Designed and implemented a security access solution for a major insurance company (OTP integration, reverse proxy implementation);
• Designed and configured a fraud intelligence system based on Verisign FDS for a leading Italian bank, resulting in 85% automatic review;
• Designed and implemented a new mortgage assignment process for a leading international bank; the project was accomplished successfully in 4 months in order to comply with a new anti-money-laundering regulation;
• Designed and implemented a business continuity model for the biggest Italian bank, from business impact analysis to process definitions for internal and external systems and stakeholders (third parties and suppliers);
• Designed and implemented a security video surveillance system based on IP cameras, including monitoring and alert processes for unauthorized access to specific company areas (retail stores or remote production areas, a total of 250 sites). Integration with the corporate Security Information and Event Management (SIEM);
• Designed and implemented an application workflow for a leading insurance company. Main functionalities: electronic storage, digital signature, legal timestamp and metadata management for intelligent searching;
• Ran vulnerability and penetration tests (internal and external) for important international banking and insurance companies.
Consultant
KPMG
Jan 2007 - Mar 2008
• Ran security IT audits for more than 20 clients utilizing industry frameworks and security standards such as COBIT, ISO 27001/2 and ITIL. Key areas of assessment: physical access controls, data protection, security and incident management, logical access control and administrative rights management, IT operations and service management;
• Supported the design and implementation of a fraud management portal for the Italian leader in the telecommunications industry;
• Implemented a digital repository to store all compliance documents (required by Law 262/2005) for one of the leading Italian insurance companies.
Education
Degree (Laurea) in Computer Engineering (Vecchio Ordinamento, pre-reform system)
Università degli studi di Padova
Oct 2000 - Nov 2006
Languages
English - Proficient - Advanced
Italian - Native speaker
French - Beginner
Additional information
Certifications
CISA
ITIL v3
OPSA
Technical skills
Programming: C; C#; Java; JSP; PHP; Perl; Python (basic)
Applications: SAP ERP; Oracle JDE; MS Dynamics; MS SharePoint; Microsoft Office suite
Operating Systems: Windows Systems; Unix; AIX; Linux; OS/400
Database: MS SQL Server 2005/2008; PostgreSQL; Oracle; DB2; MongoDB (SQL and PL/SQL)