Alessio De Angelis

Experience

• 

  Strateghia

  May 2007 - Aug 2007

  Junior Consultant

  Web Strategy and Marketing analyst; drafting of educational material for E-Procurement and E-Commerce (Web 2.0) training courses.

• 

  Poste Italiane

  Sept 2007 - Dec 2007

  Analyst

  Purchasing Control - Planning, monitoring and reporting of Group purchasing processes.

• 

  Ernst & Young

  Jan 2008 - Jan 2018

  Manager

  Manager at EY Italy within the IT Risk and Assurance Services practice.Technology advisor regarding IT Risk and Governance related fields (Information & Cyber security, IT Continuity, IT Risk Management, IT Compliance).Involved with different roles and responsibilities in a number of advisory engagements and activities, in particular:- Planning and execution of audit programs over a number of IT process (software licensing, IT architectures, network management, IT cost management, Data Privacy, etc.).- Design and implementation of Information Security Management Systems (ISMS), Service Management Systems (SMS) and Business Continuity Management Systems (BCMS), in order to gain and/or maintain certification for ISO 27001, ISO 20000 and ISO 22301 standards respectively.- Review of IT security risks in projects associated with the design, configuration and implementation of IT systems in order to ensure that they were in an acceptable level as determined by client security policies and business risk appetite.- Review of Entity Level Controls, IT General Controls and Application Controls over Accounting and Financial reporting and for compliance requirements (Italian Laws 262/05 and 231/01; Data Privacy Regulation; CobIT; etc.). Show less

• 

  Deloitte

  Jan 2018 - Apr 2019

  Manager - Cyber Risk Services

  Manager at Deloitte Risk Advisory within the Cyber Risk Services practice, supporting organisations to improve their cyber risk posture through cyber security initiatives integrating strategic risk, regulatory and technology components.Relevant experience gained in the management of complex cyber security projects where I was involved in planning and controlling, leading teams and managing partners and suppliers.Involved with different roles and responsibilities in a number of advisory engagements and activities aiming to:- Define and implement Cyber Security strategies.- Review and improve Information Security Management Programs.- Define and implement IT/Security Risk Management framework.- Perform Cyber Security Assessment.- Set-up and implement CERT (Computer Emergency Response Team). Show less

• 

  Leonardo

  Apr 2019 - now

  Operational supervisor for the “IT System” audit area, within ICT Audit OU at Leonardo.Relevant experience gained in the management of audit projects where, reporting to the Audit Executives, I am involved in planning and controlling operational activities and coordinating teams.Main responsibilities are:- Assist the Head of ICT Audit in the development of the 3-year IT audit plan, based on the annual risk assessment, that addresses the key areas of risk related to Information Technology at Leonardo.- Conduct audits aimed to review risks and controls related to IT systems, processes, services and programs, providing on-the-job supervision and support to audit team members.- Prepare reports and discuss audit findings and recommendations with relevant Management.- Review and monitor the progress of the actions agreed with the IT Management to mitigate control deficiencies and/or enhance the effectiveness or efficiencies of operations, also through planning and execution of Follow-up audit interventions.- Apply the methodology and tools common to the Group Internal Audit OU, in order to ensure uniformity of analysis, execution, formalization and traceability of activities. Show less

  • Head of Digital & Cyber Security Audit

    Nov 2024 - now

  • ICT Internal Auditor

    Apr 2019 - Nov 2024