Main projects managed at Unisys:

Risk Manager & Security Manager — European Central Bank

01/ 2017 – to date

●        Oversaw Risk Management & IT Security work streams within the End User Computing and System Operation (EUCSO) project for system and application management, field services based on ITIL standards;

●        Developed policies, infrastructures and standards for IT security;

●        Created the ISMS, definition of SoA, controls and metrics, RCSA questionnaires and workshops;

●        Established specific reporting procedure for the Steering Committee related to the project risks in collaboration with the the ECB Counterpart.

Achievements:

●        Administered 32 workstream leads for all IT Security related matters;

●        Managed 140 resources involved in the project in terms of IT Security and GDPR training;

●        Developed  policies and solutions related with IT Security, Business continuity and GDPR compliance under ISO 27001:2013 standard;

●        Achieved 100% systems uptime since Transition towards Transformation.

Responsible for ISO 27001 implementation & compliance –Ministry of Interior

 09/2015 – to date

●        Management of all requirements for ISO 27001 compliance for the Unisys projects performed for the Ministry of Interior (Border Control, Immigration tracking)

●        Internal and external audits preparing all documentation and evidences

●        Implementation of ISMS, SoA, Risk Analysis, Risk Treatment Plan, Metrics and ISO 27001 controls

●        Security policies, standards and plans

Security Expert — ANIA

                                                       06/ 2016 –02/2017

●        Optimized big data for fraud analysis in the automotive market;

●        Managed network and link analytics for detecting collusion and trade finance fraud and for supporting analysis and investigations on real time transactions;

Achievements:

●        Made a feasibility study of the project;

●        Provided proof of concept regarding the implementation of Advanced Data Analytics, having compared trends and detected patterns in user behavior, identified hidden relationships through network analysis and data correlation, Sourced multiple content repositories of public records to detect red-flag patterns;

●        Delivered project effectively, through successful management of a joint team including Data Scientists and Industry SMEs.

Security Manager —  EFSA

                                                                   03/2017 – 09/2017

●        Performed security review of the Identity and Access Management system at EFSA (European Food Safety Authority) with migration of the Oracle Cloud infrastructure towards a Microsoft Azure Active Directory / Active Directory infrastructure;

●        Made a feasibility study with assessment of the current situation (AS-IS) and definition of the reference architecture (TO-BE) and transition methods;

●        Coordinated the POC implementation activities with extraction of LDAP data from the Oracle environment and definition of groups and roles in the AD environment;

●        Planned migration and automation activities for environment synchronization;

●        Modified applications in a test environment to verify the functional compliance of the new surrounding;

●        Defined test plans and checks with the users.

Responsible for ISO 27001 implementation & compliance – City of Rome

 02/2013 – 12/2017

●        Management of all requirements for ISO 27001 compliance for the Unisys projects performed for the City of Rome (Management of the central IT systems including mainframes and 200 servers)

●        Internal and external audits preparing all documentation and evidences

●        Implementation of ISMS, SoA, Risk Analysis, Risk Treatment Plan, Metrics and ISO 27001 controls

●        Security policies, standards and plans

●        Incident Management (CERT) and escalation procedures

Security Manager – Police Highway Patrol

 02/2013 – 12/2016

●        Management of all requirements for ISO 27001 compliance for the Unisys projects performed for the Police Highway Patrol (Law Enforcement procedures, fines management, car license plate checking, Safety Tutor)

●        Internal and external audits preparing all documentation and evidences

●        Implementation of ISMS, SoA, Risk Analysis, Risk Treatment Plan, Metrics and ISO 27001 controls

●        Security policies, standards and procedures to ensure compliance with regulations, licensing requirements and government security obligations, policies, and directives.

IT Director & Security Advisor  — Supreme Administrative Court of Italy

               04/2008 – 11/2016

●        Consulted on all technology and IT security related subjects including compliance to Italian regulations;

●        Managed 32 resources on 15 diverse services like Service Desk, IT Security & Privacy, liaised with Telecom SOC, evolutionary application maintenance, innovative solutions for mobile, etc.; Applied security design (OWASP), performed ITSM Governance Framework (ITIL); Developed security strategies and policies;

●        Evaluated and selected appropriate anti-virus and intrusion prevention technology to ensure complete and continuous coverage with no security breaches;

●        Developed Vulnerability Assessment and Penetration Tests, Risk analysis and risk treatment plans;

●        Supported the Legal Office in compliance with Italian Regulations and Italian Data Protection Authority.

Achievements:

●        Reached total contract value 2.5M€ per year, performed the project on time and on budget with 10% cost savings and additional 6% GM on top of approved financial figures, no SLAs breach, and no penalties;

●        Achieved 8% customers’ satisfaction improvement based on annual surveys;

●        Restored 2600 workstations and 64 servers after a large virus attack occurred before the project start date

●        Provided confidential, executive-level support to the CIO on many different areas (e.g. technology roadmaps, Cyber Security, Data protection regulatory compliance, etc.);

●        Established excellent relationship that has generated partnerships to seminars and meetings issued by the Public Sector in Italy like FORUM PA, the most important event for IT in Public Sector in Italy.

AREAS OF EXPERTISE

    • Cyber Security 
    • Risk Management 
    • ISO/IEC 27001:2005 & 2013
    • GDPR & Data Protection Compliance 
    • Industry 4.0 Digital Transformation 
    • IT Governance 
    • Program / Project Management 

COMPETENCIES

    • Communication Skills
    • Training & Development
    • Planning & Organization
    • Critical Thinking Abilities
    • Consultative selling
    • Problem solving
    • Leadership
    • Multitasking
    • People Management
    • Team Work
    • Stress Resistance
    • Data Analysis
    • Strong Interpersonal Skills
    • Time Management

CERTIFICATIONS

    • CISM ISACA   
    • PMI-PMP
    • TOGAF 9 Foundation  
    • Unisys Risk Assessor Master Level 5  
    • ITIL V3 Intermediate (Service Operation)  
    • COBIT 5 Foundation
    • Innovation Manager (RINA CCM-133/18)  
    • Prince2 Foundation
    • IT Microsoft Certified System Engineer (MCSE)  
    • Gartner TCO Analyst Certification  
    • Certified Selection Interviewer  
    • Six Sigma – White Belt

EDUCATION

Information Technology and Automatic Control University of Rome La Sapienza 
BS in Engineering

University of Rome La Sapienza 
BS in Computer Science

INDUSTRY ACTIVITIES

    • Member of the Unisys Worldwide CISO Board  

    • Member of the Project Management Institute (PMI)  
    • Member of the Italian Association of Professional Managers (AMPIT)  
    • Member of the Italian Chapter of the Association of Certified Fraud Examiners (ACFE)  
    • Qualification to operate in Governmental or Defense environments managing classified data  
    • Partnerships with Customers for joint meeting on IT Security subjects and industry standards  
    • White papers and marketing collaterals for seminars and roundtables in Italian and English