Career level

Middle (2-5 years)

Languages spoken

English

Job address(es)


Requirements: 

• Communication and negotiation skills;
• Analysis and synthesis capability;
• Correlation capacity between events;
• Distributive attention;
• Results and customer oriented;
• Team spirit;
• Self-organizing capacity;
• Punctuality in carrying out tasks;
• Independent working capacity;
• Initiative;
• Good interpersonal skills at all levels;
• Self-Motivated;
• Flexible and able to adapt to change;
• A highly visible people oriented style with the assertiveness, determination and relationship building skills to challenge objectives and ensure positive results;
• Good influencing skills and a positive opinion leader;
• Positive, enthusiastic attitude;
• Calm and patient under pressure; 
• Must demonstrate drive and enthusiasm to take positive action and progress projects to a conclusion.

Responsibilities:

Job’s objectives
• Manage Group Cyber Security framework to control IT & Cyber Security risks; 
• Management of the IT security and risk control plan;
• Establish Cyber Security requirements for partners (3rd parties);
• Improves business continuity through IT security and risk controls;
• Presents reports, risks assessments and the relevant information to management;
• Perform technology and regulatory watch in domain of competence;
• Member of the first line of defense and directly reports to the CEO.

Governance
• Implement and provide Governance ITRM Group framework and supporting processes for the IT Governance, Compliance, Continuity & Security domains;
• Provide Governance for security activities within company, in accordance with Group requirements, Best practices and Industry standards.

IT Risk & Cyber Management framework
• Implement the IT Risk framework as per policy ITG0051 for IT Security, IT Continuity, IT Compliance & IT Governance;
• Ensure alignment of practices (. risk evaluation criteria and thresholds, risk matrices/heatmaps) across all risk domains in accordance with Group practices;
• Supervise IT risk management as per ITG0051, focusing on Information Security, Compliance & Continuity;
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization. Maintain a risk register to ensure that all identified risk factors are recorded;
• Establish enterprise risk management strategy & present to local Management;
• Manage Risk Acceptance Forms and ensure Accepted Risks are reviewed regularly;
• Develop an IT risk awareness program and conduct training to:
a. Ensure stakeholders understand risk and contribute to the risk management process
b. Promote an IT risk-aware culture
• Support implementation of risk response plans ensuring that risk factors and events are addressed.

IT Risk Monitoring (delegated to Security Team Members)
• Monitor and report deviations to the IT Risk framework;
• Monitor risk and inform relevant stakeholders ensuring effectiveness of risk management strategy. This includes the monitoring of response plans;
• Request independent risk and process reviews to ensure that risks are managed effectively;
• Report risk & compliance, initiate corrective actions and meet business and regulatory requirements.

IT Control Execution (delegated to Security Team Members)
• Perform Group controls. Perform locally defined controls;
• Evaluate the current state of process maturity & compare to targeted maturity;
• Identify control deficiencies and maturity gaps. Ensure that deficiencies are appropriately considered and remediated;
• Maintain adequate evidence to support conclusions on the existence and operating effectiveness of controls.

3rd Party Management
• Manage 3rd party suppliers from a Security, Compliance and Continuity perspective, in such a way that Group requirements are met. Reviews quality of service in competence domain.

Cyber Security Incident Management
• Implements and manages Cybersecurity Incident Response plan. Ensures plan is comprehensive and effective. Ensures that all involved partners are prepared and aware of their role
• Leads CSIRT team. Negotiates with partners, Group and 3rd parties to ensure adequate coverage – including skillset and
• Liaise with Data Protection Officer & Chief Data Officer

Team Management
• Manage Security Team. Participate in management meetings focusing on Security aspect of initiatives;
• Estimate effort, priority, skillset. Performs resource management. Prioritizes initiatives in order to meet requirements and planned activities;
• Grows, develops and motivates team members

Benefits: 

• Annual bonus (correlated with performance);
• Meal ticketRon/ticket);
• Medical subscription for employee and his children – Sanador;
• 24 vacation days;
• Gym discounts - 7Card;
• Bookster - virtual library;
• 1day/work from home (after 3 months);
• Christmas party.