Alessandra Liverani

Rome, RM

Summary

Cybersecurity and governance expert with extensive experience in IT risk management and regulatory compliance within the financial sector. Skilled in implementing security frameworks (ISO 27001, NIST, GDPR) and driving initiatives to meet regulations. Proven ability to lead risk assessments, manage third-party security, and ensure resilient, compliant operations.

Overview

6 years of professional experience
1 Certification

Work History

Assistant Manager

KPMG Advisory
12.2021 - Current

Compliance and Regulatory Skills:

  • Expertise in NIST Cybersecurity Framework (CSF): Skilled in implementing the NIST CSF to assess, manage, and improve organizational cybersecurity posture.
  • ISO/IEC 27001 Compliance Management: Proven experience in implementing and maintaining compliance with ISO/IEC 27001 standards for Information Security Management Systems (ISMS).
  • GDPR (General Data Protection Regulation) Implementation: Deep understanding of GDPR requirements, data privacy best practices, and strategies for ensuring compliance across the organization.
  • NIS2 Directive Alignment: Expertise in aligning organizational practices with the NIS2 Directive for improving network and information systems security.
  • DORA (Digital Operational Resilience Act) Compliance: Proficient in operational resilience measures in line with the DORA requirements, ensuring financial stability through cybersecurity controls.
  • Third-Party Risk Management (TPRM): Managed third-party risk assessments and ensured vendors comply with regulatory standards such as SOC 2, HIPAA, and GDPR.
  • IT Governance with COBIT Framework: Deep knowledge in applying the COBIT framework to ensure effective IT governance and risk management aligned with business objectives.
  • SOX (Sarbanes-Oxley) IT Compliance: Extensive experience in ensuring IT controls and cybersecurity practices comply with SOX regulations, focusing on audit readiness and financial integrity.

Risk Management and Auditing:

  • Cybersecurity Risk Assessment (in line with ISO 31000 and NIST 800-30): Expertise in conducting risk assessments using recognized frameworks, identifying vulnerabilities, and mitigating potential threats.
  • Internal and External Auditing (ISO 27001 Lead Auditor): Experience leading internal audits to evaluate and improve compliance with ISO standards and regulatory requirements.
  • Security and Privacy Impact Assessments (GDPR, NIST 800-53): Conducted detailed assessments to evaluate data protection and privacy impacts in compliance with GDPR and NIST standards.

Policy Development and Strategic Governance:

  • Development of Information Security Policies (ISO 27002): Proficient in creating and enforcing comprehensive security policies and procedures, ensuring alignment with ISO 27002 guidelines.
  • Cybersecurity Governance and Strategy (aligned with NIST, ISO, COBIT): Led the development of cybersecurity governance frameworks to align with international standards and enhance enterprise-wide security.

Incident Response and Business Continuity:

  • Business Continuity Planning and Disaster Recovery (ISO 22301): Skilled in designing and implementing business continuity plans (BCP) and disaster recovery strategies in line with ISO 22301 standards.
  • Incident Response Planning (NIST 800-61): Developed and managed incident response protocols to detect, respond to, and recover from cybersecurity incidents in compliance with NIST standards.

Continuous Monitoring and Reporting:

  • Security Metrics and Compliance Reporting: Experience in generating detailed compliance reports for executive leadership, using tools and metrics aligned with NIST, ISO, and GDPR requirements.
  • Regulatory Audits and Compliance Reporting: Successfully led regulatory audits and prepared detailed reports to demonstrate adherence to international cybersecurity regulations and standards.

Leadership and Training:

  • Cybersecurity Awareness and Training Programs (aligned with NIST, GDPR): Designed and conducted organization-wide security awareness programs, ensuring staff are trained on best practices and regulatory obligations.
  • Stakeholder Communication and Regulatory Updates: Acted as a key liaison between the cybersecurity team and top management, providing clear updates on regulatory changes and compliance status.

Software Analyst

Almaviva S.p.A.
05.2020 - 11.2021
  • ServiceNow Platform Expertise: In-depth experience with the ServiceNow platform, including configuration, customization, and administration.
  • IT Service Management (ITSM) Implementation: Strong understanding of ITSM processes and implementation using ServiceNow modules such as Incident Management, Problem Management, and Change Management.
  • Workflow Design and Automation: Expertise in designing and automating workflows within ServiceNow to streamline business processes.
  • ServiceNow Reporting and Dashboards: Ability to create and customize reports, dashboards, and performance analytics to provide business insights.
  • CMDB (Configuration Management Database) Management: Knowledge of managing and maintaining the CMDB in ServiceNow, ensuring accurate tracking of IT assets and their relationships.
  • Project Management for ServiceNow Implementations: Experience managing end-to-end ServiceNow implementation projects, ensuring delivery on time and within scope.
  • Stakeholder Communication: Strong communication skills, able to act as a liaison between technical teams, business units, and stakeholders to ensure alignment on ServiceNow solutions.
  • ServiceNow Training and Documentation: Experience in creating user documentation, providing training, and ensuring knowledge transfer for ServiceNow users and administrators.

Network Operation Center Technician

Alten Italia
10.2018 - 04.2020
  • Network Monitoring and Troubleshooting: Proficient in monitoring network performance and resolving network issues using tools like SolarWinds, Nagios, and Zabbix.
  • Incident Management: Experience in identifying, diagnosing, and escalating network incidents, ensuring minimal downtime and fast resolution according to customer SLAs.
  • Network Infrastructure (Routers, Switches, Firewalls): Solid understanding of network devices such as Cisco routers, switches, firewalls, and their configurations.

Education

Executive Master - Project Management

24ORE Business School
Milan, Italy
01.2020

Master Degree - Biomedical Engineering

University of Naples - "Federico II"
Naples, Italy
06.2018

Bachelor Degree - Biomedical Engineering

University of Naples - "Federico II"
Naples, Italy
06.2015

Skills

  • Customer Relationship Management (CRM)
  • Operations Management
  • Compliance understanding
  • Team motivation
  • Project Management

Certification

  • Executive Master Certificate in Project Management & Agile Methodology – 24ORE Business School
  • ITIL® Foundation Certificate in IT Service Management
  • ISO 27001 Lead Auditor
  • ServiceNow Certified System Administrator

Languages

English
Upper intermediate (B2)
