Security Program Manager
Job description
For one of my customers in Italy, we are looking for a Program Lead with experience in IT/OT for a NIS2 adoption program.
Contract: Full-time / Contract
Location: Rome, Italy
Description:
We are seeking a senior professional to lead end-to-end (E2E) the NIS2 Directive adoption program across all IT and OT environments supporting motorway operations. The role requires a strategic leader with advanced project/program management capabilities, strong cybersecurity expertise, and the ability to operate in a complex, heterogeneous ecosystem involving multiple internal functions, external service providers, regulatory bodies, and technology partners.
The NIS2 Program Lead will define the roadmap, coordinate execution, ensure regulatory alignment, and drive the transformation required to elevate cyber resilience across mission-critical digital and operational technologies.
Key Responsibilities:
1. Strategy & Governance
- Deliver the NIS2 compliance strategy, roadmap, and governance framework for IT and OT domains.
- Translate regulatory requirements into actionable, risk-based initiatives aligned with corporate strategy.
- Establish KPIs, reporting structures, and steering mechanisms for executive oversight.
2. Program Leadership
- Lead the full lifecycle of the NIS2 program: assessment, gap analysis, design, implementation, verification, and readiness for audits.
- Manage multidisciplinary workstreams (cybersecurity, network operations, OT engineering, legal, procurement, etc.).
- Ensure alignment between IT and OT cybersecurity requirements, architectures, and operational processes.
3. Cybersecurity Expertise
- Provide authoritative guidance on NIS2 obligations, including:
  - risk management measures
  - incident reporting processes
  - supply-chain security
  - business continuity and crisis management
  - secure system acquisition and lifecycle management
- Oversee the definition and implementation of technical and organizational security measures across SCADA, industrial control systems, roadside equipment, data centers, and digital platforms.
4. Stakeholder & Vendor Management
- Coordinate internal teams, external consultants, technology suppliers, and third-party operators.
- Ensure consistent communication with regulatory authorities and the national CSIRT as required.
- Facilitate change management across business units, promoting awareness and adoption of cybersecurity best practices.
5. Risk, Compliance & Documentation
- Own the regulatory documentation set (policies, procedures, risk analyses, audit evidence).
- Conduct readiness assessments and guide the organization through formal NIS2 compliance verification.
- Maintain a continuous improvement framework to ensure long-term compliance and resilience.
Required Qualifications & Experience
Professional Background
- 5+ years of experience in cybersecurity, IT/OT risk management, or critical infrastructure protection.
- 5+ years of experience in program or project management for large, cross-functional initiatives.
- Demonstrated experience managing cybersecurity or compliance programs in transportation, utilities, energy, telco, or other critical infrastructure sectors.
Technical & Regulatory Skills
- Strong understanding of NIS2 Directive, cybersecurity frameworks (NIST CSF, ISO/IEC 27001/62443), and incident response processes.
- Good knowledge of OT technologies (ICS, SCADA, PLCs, networks) and modern IT architectures (cloud, network security, identity management).
- Ability to interpret regulations and translate them into operational requirements.
Soft Skills
- Excellent leadership, communication, and stakeholder management skills.
- Ability to operate effectively in a heterogeneous, multi-stakeholder environment.
- Strong analytical and problem-solving capabilities.
- Fluent Italian; good English proficiency.
Education & Certifications
- Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or related field.
- Preferred certifications: CISM, CISSP, PMP/Prince2, ISO 27001 Lead Implementer, GICSP, or equivalent professional credentials.