• Graduate studies completed with a Bachelor's degree;
• Languages: English fluent, Romanian;
• Communication and negotiation skills;
• Analysis and synthesis capability;
• Correlation capacity between events;
• Distributive attention;
• Results and customer oriented;
• Team spirit;
• Self-organizing capacity;
• Punctuality in carrying out tasks;
• Independent working capacity;
• Required work experience (length of specialty required by post): minimum 3 years.
• Implement Group Cyber Security objectives to control IT & Cyber Security risks;
• Supports projects, initiatives, including Security Evaluation;
• Ensures that Risk Acceptance Forms are current and participate in Risk Review;
• Performs Security Assessments, confirming adequacy of Security Measures;
• Confirms that adequate measures are in place via regular reviews;
• Monitors existing environment for Threats. Performs ad-hoc reviews when needed;
• Acts as escalation Point for Security Issues;
• Creates Security procedures in such a way that all repeatable tasks are documented and appropriate
• tasks are handed to the Security
• Apply ITRM Group framework and supporting processes for the IT Governance, Compliance,
• Continuity & Security domains;
• Provide technical guidance for security activities within company, in accordance with Group requirements,
• Best practices and Industry standards;
• Support initiatives that require Security assessment & execution;
IT Risk & Cyber Management framework
• Apply IT Risk framework as per policy ITG0051 for IT Security, IT Continuity, IT Compliance & IT Governance;
• Alignment of practices (. risk evaluation criteria and thresholds, risk matrices/heatmaps) across all risk domains in accordance with Group practices;
• Implement IT risk management as per ITG0051, focusing Information Security, Compliance & Continuity;
• Inspect risk scenarios to estimate the likelihood and impact of significant events to the organization.
• Participate in assesment of assets & applications;
• Reviews developments on Risk Acceptance Form Action plan and ensures progress is validated from a technical perspective, on a regular basis;
• Support the IT risk awareness program and advocate Group best practices;
• Review risk response plans ensuring that risk factors and events are addressed – from a technical perspective in competency domain.
Cyber Security Incident Management
• Subject Matter Expert for Cybersecurity Incident Response plan. Technical leader of the local CSIRT team,
• acts as escalation point. Ensures Incident Management plan is operational and covers all defined scenarios. Tests readiness and performs Red Team exercises.
• Leads CSIRT team from a technical perspective.
IT Risk Monitoring
• Monitor and report deviations to the IT Risk framework;
• Consult on risk and inform relevant stakeholders of noted deviations. This includes the technical review of response plans.
• Support independent (external, Inspection Generale) risk and process reviews.
• Support risk & compliance, initiate corrective actions.
IT Control Definition
• Identify opportunities for local controls. Conduct risk analysis and validate with manager.
• Implement validated controls;
• Support process maturity increase & automate repeatable processes;
• Identify control deficiencies and maturity gaps. Ensure that deficiencies are remediated and the solution is validated.
• Annual bonus (correlated with performance);
• Meal ticketRon/ticket);
• Medical subscription for employee and his children – Sanador;
• 24 vacation days;
• Gym discounts - 7Card;
• Bookster - virtual library;
• 1day/work from home (after 3 months);
• Christmas party.