Cyber security GRC Consultant

Posting Date: 8 Sept 2025

City: Genova

Location:

Genova, IT, 16129 Rozzano, IT, 20089 Roma, IT, 144

Contract Type: Permanent

Division: Digital Technology and Cybersecurity

Level of experience: Intermediate

RINA is currently recruiting for a Cyber security GRC Consultant to join its office in Genova, Rome or Milan within the Digital Technology and Cybersecurity Division.

Mission

We are looking for an experienced Cybersecurity Engineer to join and strengthen our technical team.

Key Accountabilities

The selected candidate will be responsible for:

Identifying security risks in organizations and complex systems/architectures;
Designing security measures and providing recommendations to improve security posture;
Ensuring compliance with laws, regulations, and cybersecurity standards;
Supporting customers in cybersecurity-related activities;
Drafting technical reports (often in English);
Maintaining and updating RINA cybersecurity guidelines and assessment methodologies;
Providing technical support for business development, including drafting proposals and defining services;
Coordinating junior staff when applicable.
#LI-RD1

Education

Bachelor’s Degree in Computer Science or Information Systems

Qualifications

At least 3 years of experience in cybersecurity, with proven expertise in GRC topics, GDPR technical aspects, and knowledge of relevant standards/regulations;
Strong knowledge of laws, regulations, international standards, and best practices (e.g. GDPR, ISO 27000 family, NIST Cybersecurity Framework, NIS Directives, ISA 62443, Common Criteria/ISO 15408, etc.);
Experience in Governance, Risk & Compliance activities for IT/OT security;
Ability to identify and analyze information security risks in diverse contexts;
Excellent problem-solving skills;
Strong verbal and written communication skills in Italian and English;
Flexibility and ability to manage multiple tasks in a fast-paced environment;
Willingness to travel domestically and internationally.

Desired Qualifications:

One or more recognized security certifications (e.g. ISO 27001 Lead Auditor, ISA 62443, ISACA CISM/CISA/CRISC, ISC² CISSP, Data Protection Officer, etc.);
Knowledge of security tools and platforms such as:

- Governance Risk Compliance (GRC) platforms.

Previous experience with security certification processes for Information Security Management Systems (ISO/IEC 27001) or IT/OT products (Common Criteria, ISA 62443).

Competencies

ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
EARN TRUST - Take everyone's opinion into account and remain open to diversity
MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraint
MANAGE EMOTIONS - Recognise one's and other's emotions and express and regulate one's reactions
PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
THINK FORWARD - Capitalise on experiences and translate them into action plans for the future

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99.