Graduated in Management Engineering at Polytechnic of Milan, Jonathan has been dealing with Cybersecurity and Privacy issues for more than 16 years in the Information Risk Management group of KPMG Advisory.
With specific skills in sectors like Finance, Automotive and Energy, Jonathan has responsibility for projects of high complexity relating to the following topics:
– Privacy Management & Governance: verification of compliance levels and support to companies in the definition and implementation of personal data management models, relating to organizational, procedural and technological aspects
– CyberSecurity & IT Risk management: support for the adoption of governance and management models for IT and security risks, in compliance with mandatory and integrated regulations with respect to further areas of risk
– Cybergovernance: definition of organizational models and management processes relating to risk areas relating to third party management issues, Security measuring and reporting, access management & governance
– Cyberdefense: planning and implementation of initiatives to verify the levels of protection of information and corporate assets (VA / PT, Red Teaming, phishing campaign) both in relation to the traditional IT environment and in relation to the OT context (Operational Technology)
– CyberResponse & Business Resilience: definition and implementation of continuity models capable of limiting the impacts related to events of disruptive events
– Emerging technology Risk management: support for the determination and addressing of risks related to the most innovative technologies (concerning areas such as Smart metering, Smart Home and Smart Cities, IoT% & CIS, e-Health security
– IT compliance: in relation to regulatory adjustments with impacts on technological areas both for general regulations (e.g. L.262 / 05, L.231 / 01 – IT crimes) and for sectoral regulations (e.g. NIS Directive, unbundling ARERA legislation)
– Information Security Management System: support for the adoption and certification of information security management systems integrated with additional management systems (e.g. QMS, environmental systems, ERM)
Professor at the Data Protection Officer course of the Higher School of Legal Studies at the University of Bologna and testimonial at various university courses, he obtained the CISA, CISM, CRISC certifications and the qualifications of Lead Auditor ISO 27001 and Lead Auditor 22301.
In the context of the Oracle Community For Security, he oversaw the drafting and participated in the definition of various papers on Information Security and Privacy issues, published by Clusit.
He is currently a member of the Board of Directors of IAEA (Italian Association IS auditor) – ISACA, responsible for the study sessions