MANIFESTATION OF INTEREST
Cyber 4.0 is the National Highly Specialized Competence Center for cybersecurity, one of the 8 highly specialized competence centers established and co-funded by the Ministry of Business and Made in Italy in the context of the Industry 4.0, Transition 4.0 and PNRR actions. Cyber 4.0 is established in the form of a private-law Association, expressing a public-private partnership that is broadly representative of the national cyber security environment, with the participation of more than 40 actors of national significance, representing universities and research organizations, public institutions, large companies, foundations and highly specialized SMEs.

Cyber 4.0’s mission is to accompany policy makers, businesses and PA on a path of growth toward secure digitization, thanks to concrete, strategic and sustainable solutions based on knowledge, innovative technologies and enabling services developed with the expertise of its network, which enhance the country’s excellence in the European and international context.

By institutional mandate, the Center offers guidance and training activities to Companies and Public Administration, provides highly specialized services also through the expertise of its members, and finances research and innovation projects both in the context of core cybersecurity activities, transversal to each product sector, and in specific vertical contexts, with reference to the Healthcare, Automotive and Aerospace sectors.

Aiming to support businesses and PAs on the path to adopting innovative technologies, Cyber 4.0 can rely both on its own infrastructure, including through the demo lab at its headquarters, and on facilities provided by its members.

The Center is coordinator of the NEST (Network for European Security and Trust) initiative, which received the Seal of Excellence from the European Commission for the establishment of a European Digital Innovation Hub (EDIH), involving the regions of Lazio, Umbria and Abruzzo.

In addition, the Center partners with two Emerging Technology Houses (Cagliari and Pesaro), as well as being a MIMIT-accredited entity for service delivery in the Training 4.0 plan.

Finally, the Center participates in the EU Project “Secure” as a partner responsible for the distribution of Third Party Financing. The objective of the project is the Europe-wide distribution of financial incentives to be provided to Small and Medium Enterprises operating in the territory of the Union in support of activities aimed at achieving Compliance with the Cyber Resilience Act (EU Regulation 2024/2874). The project is funded under the terms of the DIGITAL-ECCC-2024-DEPLOY-CYBER-06-STRENGTHENCRA call.

The Center also participates in important international networks focused on strengthening cybersecurity skills (e.g., EU CyberNet, LAC 4, GFCE, ECSO, Global Cyber Alliance, etc.) and is involved in the implementation of EU-funded projects, both in the context of the Horizon Europe and Digital Europe programs.

In addition to its institutional activities, the broad spectrum of expertise covered also enables CYBER 4.0 to present itself as an entity capable of delivering qualified services in response to specific market needs, both in the domestic and international context.

Finally, the Center fosters business networking, matchmaking and open innovation activities in cybersecurity at the national level, and is a liaison entity for local SMEs and institutions to national and EU institutions working in the cybersecurity field, first and foremost the National Cybersecurity Agency and the European Cybersecurity Agency (ENISA).

The governance of the Center is provided by the Coordination and Management Committee, which is the decision-making body, and the Scientific and Steering Committee, which provides guidance on the content of the Center’s courses of action.

CYBER 4.0 operations are provided by the Project Office, which reports to the Director of Operations

Additional information on the type of activities planned can also be found on the CYBER 4.0 website: https://www.cyber40.it.

Activities of the Cybersecurity GRC Project Manager CYBER 4.0
The Project Manager will lead planning and management activities for recently acquired Cyber 4.0 funded projects, with particular reference to European start-up projects in the area of Cybersecurity Governance, Risk & Compliance. The PM will report directly to the Training and Advisory Manager, but will work in coordination with all business functions involved with reference to the content of the projects themselves.

Specifically, the following activities fall under the operational responsibilities of the project manager:

• Engineering and execution of project-related implementation plans;
• Project Management activities: support the implementation of processes for the development of defined activities, coordinating external stakeholders, such as consortium partners, and internal stakeholders, such as member companies of the Competence Center;
• support for the design, supervision and review of cybersecurity maturity assessment models and activities at companies served by the Center of Competence;
• support for the definition and implementation of content, guidelines, and advisory and training activities in the area of cybersecurity governance, risk & compliance, with particular reference to EU Regulation 2024/2874 (Cyber Resilience Act) and key industry frameworks, standards and regulations (FNCS, NIST CSF 2.0, ISO 27001, NIS-2…);
• Support toward the Finance & Accounting function for timely reporting of contracts;
• Execution of Change Management and Demand Management plans, in coordination with the Business Development function;
• Verification of the quality of services;
• Production of reports to top management on trends, critical issues, evolutions of managed projects
• Support for the preparation of the Competence Center’s contribution to project proposals funded either in the EU, in the Digital Europe and Horizon Europe context, or in the national or regional context.

Type of contract and grading
The grading and salary will be defined on the basis of the role, responsibilities related to the performance of the duties envisaged and previous experience, in accordance with the provisions of the C.C.N.L. for Tertiary, Distribution and Services Sector Companies.

The work location is Rome, with the possibility of domestic and international travel.

Requirements
Required Qualifications:

• Master’s degree relevant to the profile, e.g., information field, industrial and information engineering, degrees in Mathematics, Physics, Data science, Management and Computer Science, etc;
• Alternatively, documented experience of at least 6 years in roles similar to the profile of interest, with increasing responsibilities.
• Bachelor’s, certification, master’s, diploma or other degree in Cybersecurity, Information Security or Business Continuity.

Required experience:

• Experience in public, national or European fund management mechanisms;
• Experience in the mechanisms of operation competitive calls and partnership projects;
• Knowledge of major frameworks, standards and regulations in cybersecurity, information security, data protection (Standards: ISO/IEC 27001:2022, ISO 22301; ISO 27005; ISO 31000. Framework: FNCS, NIST CSF 2.0. Standards: GDPR, NIS-2, Cyber Resilience Act, AI Act, CER and its implementing decrees).

Soft Skills (nice to have):

• Good communication, public relation and standing skills in both Italian and English.
• Excellent interpersonal skills at all levels and predisposition to work in heterogeneous teams. The position requires constant comparisons not only with colleagues in the Competence Center, but also with external stakeholders, partners and institutions.

Foreign languages:

• Excellent knowledge of the English language (C1 level).

Submission of Expressions of Interest.
The expression of interest is non-binding and can only be submitted through the online form, which can be reached through www.cyber40.it, Section: Work with Us.

The application, including acknowledgement of the personal data processing notice, must be submitted no later than midnight on September 30, 2025.