Cyber Security Specialist

Milano Cortina 2026 Milano Italy Games Technology Hybrid

Company Description

Take the chance to work for the Organization in charge of delivering one of the biggest and most prestigious events in sport field! Feel the Olympic and Paralympic energy joining us at Fondazione Milano Cortina 2026, leaving a mark in the sport history!


Fondazione Milano Cortina 2026 is the Organizing Committee for the Olympic and Paralympic Winter Games of 2026, carrying on the organization, promotion and communication of the sporting and cultural events related to the next Winter Games.

We are driven by the following values: respect, determination, legacy, engagement and sustainability.

Milano Cortina 2026 will be the first large-scale Olympics in history: 9 Olympic venues, 21 provincial capitals, 2,300 municipalities directly involved, over an area of 22,000 square km.

The Milano Cortina 2026 Organizing Committee has been established in 2019 with the purpose of organizing Olympic and Paralympic Games in compliance with the Host City Contract signed jointly by the International Olympic Committee (IOC), the two cities of Milano and Cortina and the Italian National Olympic Committee (CONI).

Furthermore, the Italian Paralympic Committee, the Regions of Lombardy and Veneto, as well as the Autonomous Provinces of Trento and Bolzano/Bozen are all partners in this major national-level project, with the support of the Italian Government.


The Junior Cyber Specialist, together with the Cybersecurity & Compliance team, analyses the Cybersecurity and Privacy risk of applications and services, supporting the analysis of Cyber and Data Breach incidents, interfacing with numerous customers within the Foundation and Service Providers.


  • Supporting the analysis of the applications and services provided in order to track and catalog the categories of data processed and carry out Cybersecurity and Privacy risk analyses, also by collecting the necessary material and documentation from the various managers or their delegates.
  • Ensureing the completeness and up-to-date of the documentation collected for the purposes of Cybersecurity and Privacy analysis
  • Providing support to the analysis of Cyber and Data Breach incidents
  • Performing periodic checks on the collected information on the management systems
  • Facilitating the exchange of information with internal customers and service providers
  • Providing support to the awareness and continuous training of staff on Cybersecurity and Privacy
  • Partecipating, if requested and according to his/her competence, in the activities planned for the Security Operation Centre during the period of the games.


  • Proficient user of Windows and Office systems (Office 365 preferred)
  • Awareness of general cybersecurity principles
  • Experience in managing and cataloguing information related to assets and/or applications
  • Good knowledge of English, written and spoken (B2)
  • Excellent communication, interpersonal skills, and teamwork
  • A bachelor's degree in computer science or a related field is required.
  • 2 or more years of hands-on experience in the role in application management and asset management contexts

Other information

Fondazione Milano Cortina 2026 is committed in building an inclusive and diversified working environment, striving to guarantee equal opportunities for all workers (L.903/77).

Already registered? Login with your account

Not registered? Complete the form

The operating system you are using causes the expiration of the uploaded files within one minute: we recommend you to upload the attachments as the last step before sending the application. Otherwise you will be asked to upload the files every 60 seconds.

Click here (or drag and drop) to Upload a file
doc, docx, txt, rtf, pdf, odt (Max: 2 MB)

Information on the processing of personal data of Applicants

Fondazione Milano Cortina 2026, with registered office in Milan, Piazza Tre Torri 3, C.F. 97866790153, VAT #11199200962, as the Data Controller (hereinafter, "Controller"), informs the Applicants, pursuant to EU Regulation 2016/679 ("GDPR") and current national legislation on the protection of personal data, that their data will be processed according to the methods and for the purposes hereinafter indicated.

1.     Object of the processing

The Controller processes the data communicated by the Applicant (or communicated by third parties, such as companies in charge of the selection and/or employment agencies) during the selection phase and during the job interview with the Controller (hereinafter, "Data" or "Personal Data"), in particular the following categories:

·      identification data such as, by way of example, name, surname, address of residence and domicile, place and date of birth, e-mail, telephone number, tax code, data contained in the CV, employment data, salary data, educational and professional path data, etc.;

·      evaluation data such as, by way of example, notations, evaluations, etc., possibly collected during the interviews and/or provided by third parties such as employment agencies and/or selection companies;

·      particular/sensitive data relating to the state of health such as, by way of example, data for verifying suitability for certain jobs, data relating to belonging to protected categories, where necessary for the activity applied for.

2.     Purposes and legal bases of processing

The Applicants’ Personal Data can be processed without their prior consent for the following purposes and legal bases:

·      the fulfillment of pre-contractual commitments, and in particular:

-         for the correct execution of the personnel selection process (for example, management of applications);

-         to allow the application for a specific job position;

-         the possible fulfillment of pre-contractual and contractual obligations required for the establishment of the employment relationship.

·      for the Controller to comply with legal obligations, such as:

-         compliance with the legislation on the recruitment of the so-called Protected categories;

-         the fulfillment of specific obligations established by law, company regulations, collective agreements, national and community regulations as well as deriving from provisions issued by authorities legitimated by law.

·      the pursuit of a legitimate interest of the Controller and, in particular, for the exercise of the rights of the Controller in court and the management of litigation, as well as the prevention and repression of unlawful acts: the interest of the Data Controller corresponds to the constitutionally guaranteed right to initiate proceedings (art. 24 of the Italian Constitution) and, as such, is socially recognized as prevailing over the interests of the data subject.

3.     Means of Processing

The processing of Applicants’ Data is carried out, both on paper and electronically, by means of the operations of collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and data destruction. The Personal Data of the Applicant are subject to electronic and possibly automated processing. Applicant's Personal Data are protected in a way that minimizes the risk of destruction, loss (including accidental loss), unauthorized access/use, or use incompatible with the initial purpose of collection, thanks to technical and organizational security measures implemented by the Controller.

4.     Data Storage period

The Controller processes the Personal Data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 24 months from collection if an employment relationship is not established or if Fondazione does not receive an updated CV within the next 15 days. In such cases, the system will delete the information and, at the same time, send the candidate a notice of cancellation. If, in the event of an employment relationship being established, for 10 years from its termination.

5.     Provision of Data

The provision of Personal Data is required for the start and continuation of the selection phase and, possibly, to establish the employment relationship.

6.     Access to Access

Applicants’ Data may be made accessible for the above purposes to:

·      employees and/or collaborators of the Controller, in their capacity as appointed and/or internal data processors and/or system administrators;

·      third-party companies and other subjects (for example, labor consultants, etc.) who carry out outsourced activities on behalf of the Controller and who will process the Data in their capacity as data processors.

The updated list of internal/ data processors and system administrators is kept at the Data Controller’s offices.

7.     Recipient categories

The Applicants’ Personal Data may be communicated, without their prior consent, for the aforementioned purposes to Public Administrations or competent authorities, as well as to third parties such as selection companies and/or employment agencies who will process the Data upon request as independent data controllers.

8.     Transfer of Data

The Applicants’ Data will not be disclosed but may be transferred for the aforementioned purposes to non-EU countries. To ensure an adequate level of protection of Personal Data, the transfer will take place by virtue of the adequacy decisions approved by the European Commission or the adoption, by the Controller, of the Standard Contractual Clauses drawn up by the European Commission. The list of non-European countries to which the Data is transferred is available at the Controller’s office.

1.     Rights of the Data Subject

The Controller informs that, as data subject, according to limitations established by law, any Applicant has the right to:

·      obtain confirmation on the existence of their Personal Data, even before registration, and that such Data are available in an intelligible form;

·      obtain indication and, where appropriate, copy of: a) the source and category of Personal Data; b) the logic applied in case of processing carried out electronically; c) the purposes and methods of processing; d) the identification details of the Controller and processors; e) the persons or categories of persons to whom the Data may be communicated or who may become aware about, in particular in case of recipients in third countries or international organizations; e) when possible, of the period for which the Data will be stored or the criteria used to determine that period;

·      obtain, with no delay, the updating and rectification of inaccurate Data or, when relevant for the data subject, the integration of incomplete Data;

·      withdraw their consents at any time, easily, without hindrance, through the same channels used for the data provision, if possible;

·      obtain the erasure, transformation into anonymous form or blocking of Data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of withdraw of the consent on which the processing is based and in case there is no other legal basis, d) in case of opposition to processing in the absence of any overriding legitimate reason to carry on the processing; e) for the fulfillment of a legal obligation; f) in the case of Data referring to minors. The Controller can refuse the erasure only in the case of a) exercise of the right to freedom of expression and information; b) fulfillment of a legal obligation, execution of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;

·      obtain the restriction of the processing in the case of a) objection to the accuracy of the Personal Data; b) unlawful processing of the Controller to prevent its erasure; c) exercise of personal right in court; d) verification of the possible prevalence of the legitimate reasons of the Controller with respect to those of the data subject;

·      in case of processing carried out by automatic means, receive without hindrance and in a structured, commonly used, and readable format, the Personal Data in order to transfer them to another controller or - if technically feasible - to obtain direct transmission by the Controller to another one;

·      object, in whole or in part, for legitimate reasons connected to personal situations, to the processing of their Personal Data;

·      lodge a complaint with the Supervisory Authority.

In the cases referred to above, where necessary, the third parties to whom the Applicants’ Personal Data are communicated will be informed by Controller of any exercise by the Applicant of their rights, except for specific cases (for example, when such communication is proven impossible or involves a use of means manifestly disproportionate to the protected right).

2.     Methods of exercising rights

The Applicants may at any time exercise their rights by:

•        sending a registered letter with return receipt to the Controller's address;

•        sending an email to [email protected].

Milan, January 2023

Fondazione Milano Cortina 2026

(If you do not accept, your request cannot be processed)