HSPI SpA is a management consulting company founded in 2003 on the initiative of a small group of professionals with significant experience in leading multinational consulting companies. Thanks to the strong skills of the professionals who set it up, HSPI has always been characterized by an operating model capable of integrating distinctive Management Consulting skills with specialist knowledge in the ICT and Digital Innovation fields.

Since October 2020 HSPI has been part of TXT Group and offers an extended range of professional services in Business Consulting, IT Strategy and Governance and Digital Innovation.

Senior Consultant - Compliance, IT Audit & Risk

HSPI SpA, a leader in IT Governance services and part of the TXT Group, is looking for a Senior Consultant in the field of Compliance, IT Audit and IT Risk Management for the expansion of its headquarters in Bologna.

Main responsibilities: 

  • Supporting the Customer in the definition and revision of Management Systems, defined according to ISO standards (ISO27001, ISO9001, ISO37001, ISO22301, etc.) and Control Systems based on Customer regulations and/or processes and procedures;
  • Performing internal audit activities, according to norms or frameworks based on industry standards and best practices;
  • Collaborating in the definition of models and in carrying out risk analysis activities;
  • Collaborating in the drafting and updating of cybersecurity policies and procedures;
  • Cooperating in the provision of specialized training courses;
  • Coordinating a project group;
  • Identifying the Customer’s needs and the critical issues that emerge during the activities carried out for the project.

Indispensable technical skills:

  • Bachelor's degree in Economics, Engineering, Computer Science or related disciplines;
  • Good knowledge of English and perfect knowledge of both spoken and written Italian;
  • Good knowledge of the Office package (PowerPoint, Excel, Outlook);
  • Knowledge of programming languages (SQL, Java, etc.);
  • Experience in managing projects for different Clients and coordinating a project team.

Nice to have:

  • Knowledge of the principles related to management systems and experience in the definition of management systems, defined according to ISO standards;
  • Knowledge of audit techniques and experience in internal audit activities, carried out according to a reference standard/framework;
  • Knowledge of the main standards of risk analysis and experience in the definition of models and performance of risk analysis activities;
  • Any certifications in the field (Lead Auditor 27001/22301/9001, COBIT, ITIL, CISA, CISM, CSX, etc.);
  • Experience in drafting and updating cybersecurity policies and procedures;
  • Knowledge of the main information security frameworks (NIST, CSC SANS, ISO27001/27002, ENISA, ...);
  • Knowledge of the techniques and experience in the provision of specialized training courses.

The profile is completed by excellent analytical and interpersonal skills, precision, and an orientation towards teamwork and the achievement of goals.

3 to 5 years of experience are required.

What we offer:

  • Permanent contract;
  • Hybrid work mode;
  • Customized training plans and achievement of internationally recognized certifications (ITIL, Prince2, COBIT, ISO27001, ISO22301, ISO9001, ISO37001, etc.);
  • Stimulating work environment that promotes professional growth and career paths;
  • High autonomy and responsibility; 
  • Direct relationship with corporate management and end customers.

The level of entry and remuneration will be commensurate with the actual experience and seniority gained.


Location: Bologna, BO (Italy)


Privacy notice


pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR)

TXT e-solutions Spa (the “Company” or "Controller"), appointed as external data processor by the companies belonging to the TXT Group, intends to inform you that the processing of your personal data acquired by the Company, as part of the current recruitment and selection process, is in compliance with the current legislation on the protection of personal data (the "Privacy Law"), including the EU Regulation 2016/679 (the "GDPR").

1. Purpose of the processing of personal data

The Controller informs you that personal data, including special categories of personal data, acquired by the Company will be processed for the following purposes: conducting recruitment and/or selection of personnel; handling disputes, as well as exercising its rights in court; verifying any conflicts of interest that may occur.

The consent to the processing of your Personal Data for these purposes is not mandatory and the related processing requires your consent. However, any refusal to respond and/or the provision of inaccurate and/or incomplete information may result in the Company's inability to consider your candidacy and/or the inability to adequately assess your professional profile.

2. Modalities of the processing of personal data

Operations can be carried out with or without the aid of electronic or automated tools, but in any case, with tools that ensure compliance with the provisions and requirements of confidentiality and security provided by the applicable law.

3. Access to personal data

Your personal data may be made accessible to:

a) employees and collaborators of the Company, duly authorized by the Data Controller, in their capacity as persons authorized to process and/or system administrators within the Company;

b) authorized representatives, including companies who provide services functional to the purposes, as data processors, with particular regard to recruiting matters;

c) parties entrusted with the maintenance and development of our computer system, for the time strictly necessary for the execution of the services.

4. Data retention period

Your data will be kept for a period not exceeding 36 months.

5. Transfer of data outside the EU

Management and storage of personal data shall be on servers located in the European Union, belonging to the Data Controller or to third-party companies duly appointed as Processors. Data will not be transferred outside the European Union. However, the Data Controller has the right to change the servers’ location within the European Union and/or to non-EU countries. In the latter case, the Data Controller ensures that the non-EU data transfer shall be in full compliance with Articles 44 and following of the Regulation and will provide appropriate safeguards by contractual clauses between the Data Controller and the recipient of the personal data in the third country which include a description of adequate security measures.

6. Rights of the data subject

We inform you that at any time in relation to your data, you can exercise the rights under Article 15 of the Regulation. In detail:

a) you have the right to obtain from the Company confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: i) the purposes of data processing; ii) the categories of personal data concerned; iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) the period for which the personal data will be stored; v) where the personal data are not collected from the data subject, any available information as to their source; vi) the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved; vii) when personal data are transferred to a third country or to an international organization, the appropriate safeguards pursuant to Article 46 relating to the transfer.

b) Moreover, under Articles 16-21 of the Regulation, you have the right to: access, update, rectify, supplement or erase your personal data, restrict the processing of personal data concerning you, or object to such processing; obtain data portability; withdraw consent to the processing of personal data, if applicable; and lodge a complaint with a supervisory authority.

The Company shall provide information on action taken on a request under Articles 15, 16, 17, 18, 20, and 21 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Company shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. The outcome of your request will be provided in writing or in electronic format.

7. Procedures for the exercise of rights

The data subject is entitled at any time to exercise the rights set forth in Article 15 of the Regulation as follows:

i) by sending a registered letter to the Controller at Via Milano, 150 - 20093 Cologno Monzese (MI) – Italy;

ii) by sending an e-mail to: privacy@txtgroup.com;

iii) via the whistleblowing platform: https://whistleblowing.txtgroup.com.

8. Controller and data protection officer

The Data Controller is TXT e-solutions Spa. The complete and updated list of the Data Processors and other subjects to whom your data may be transferred is available on request from the Data Controller.

The Data Controller

TXT e-solutions Spa