What is the role about?
The Job Holder is accountable for managing and overseeing the IT Security testing function, an important and essential compliance task within the OMV Group IT/OT Governance service catalogue portfolio.
The scope of duties encompasses the upfront information-gathering and ramp-up activities required to define, align and confirm the scope of the planned tests with the relevant stakeholders (internal and external) and to formalize it process-wise so that the tests get performed.
- Responsible for managing the IT/OT security testing methodology and ensuring its applicability across the various testing formats (e.g. pentests, system scans);
- Responsible for defining, aligning and confirming the scope of security test scenarios with the various (internal and external) stakeholders involved, and for managing the processing, completion and follow-up activities (e.g. reporting, de-briefing) according to the given processes;
- Defines and aligns with relevant peer units continuous and recurrent test scenarios in both IT and OT environments;
- Acts as the responsible function for setting up, defining and monitoring pentest activities performed by third parties;
- Investigates, analyses and identifies improvement areas arising from suspicious behaviour, attacks and security breaches within the OMV Petrom environment, using a variety of cyber defense tools to proactively identify and mitigate threats;
- Creates security assessment reports and provides recommendations on how to mitigate detected vulnerabilities;
- Defines cybersecurity principles and control plans to protect information assets against unauthorized access;
- Keeps up to date with the latest testing and hacking methods;
- Assesses complex application areas or network segments and provides guidance on best practices to avoid cyber-security exposure;
- Acts as a pre-incident consultant and supports potential IT security incident response activities.
- Master Diploma (Computer Science, Engineering or Business);
- Relevant professional experience: more than 9 years;
- Specific certifications such as CISSP or CISA, Certified Ethical Hacker (CEH), cyber-security certifications (e.g. CHECK, CTM, CTL, CREST, TIGER, OSCP) and recognized security testing certifications (e.g. GIAC GNFA, CEH) are preferable but not mandatory;
- Excellent understanding of security architecture principles, network topologies and WEB technologies;
- Scripting and programming skills preferable but not mandatory;
- Advanced understanding of compliance and regulatory requirements in the context of vulnerability scanning and penetration testing, and advanced understanding of the following areas: service continuity, cyber security incident response, cryptography, threat assessment, identity and access management, data protection, security architecture and design, auditing;
- Excellent technical knowledge of IT Networks, Operating Systems and Enterprise integrations;
- Experience in managing standards and developing Security Operations processes;
- Good knowledge of and skills in the Microsoft 365 suite;
- Excellent communication and intercultural skills, both verbal and written; English is mandatory, German is appreciated.