General Information

Position: Information Security Specialist
Work arrangement: Full-time
City: Bucharest
Country: Romania
Department: Enabling Services
Team: Information Technology
Area of interest: IT - Services
Way of work: Hybrid

Description & Requirements

Who we are looking for
  • Degree in computer science or equivalent
  • At least 3 years of experience in the Information Security area
  • Comfortable with information technology, systems and data
  • Knowledge of administrative, technical/logical and physical information security controls
  • Familiarity with the ISO 27001:2013 family of standards, NIST, COBIT, ITIL is an advantage
  • Proficiency in Microsoft Office
  • English – advanced level, both written and spoken
  • Analytical skills and thoroughness
  • Good communication skills and a service-quality orientation
  • Sense of responsibility and willingness to learn new systems and processes
Your future role

Documentation Life Cycle Management

  • Manage the information security document lifecycle process;
  • Maintaining and developing Information Security documentation including but not limited to policies, standards, procedures and guidelines according to DTTL, regulatory, business and security requirements;
  • Periodic review and update of the Information Security documentation;
  • Performing GAP analysis against requirements stated in the Information Security documentation;
  • Acting as an SME in the area of Information Security Policies, including but not limited to advising on how to interpret and implement requirements;

Client Security Assistance

  • Ensuring compliance with Client security requirements through the following:
  • Review of and comment on the Client Security Questionnaire;
  • Review of and comment on information security-related parts;
  • Acting as an SME in the area of the Clients’ Information Security requirements assessment process, including close cooperation with the Privacy and Confidentiality Office and the Legal Department;
  • Support with Client information security audits;
  • Monitoring the mitigation status of audit findings.

Change Management

  • Close cooperation with the PMO (Project Management Office) in the area of the change management process that requires security involvement

CISO Office Administration

  • Maintaining the Service catalogue for the CISO Office
  • Maintaining the list of processes performed by the CISO Office
  • Preparation and maintenance of process maps for the CISO Office
  • Maintenance of the Security website
  • Support with the Internal and External Information Security audits
  • Close cooperation with the Information Security Risk Management Specialist in the area of mitigation of the identified risks.

Management reporting

  • Gathering of information from all CISO team members regarding closed, ongoing and planned long and short-term activities, achievements, challenges and topics that require leadership decision or approval;
  • Preparation of security dashboard for Information Security and Business Continuity Council;
  • Preparation of security dashboard for Reputation and Risk Leader (RRL);
  • Updating information about KRI (Key Risk Indicators);
  • Other reporting activities required by the leadership;
  • Maintenance and update of Security Intranet.

Access Rights Management and Review

  • Management of access rights to the resources owned by CISO
  • Review of access rights to the resources managed by CISO
  • Review of access rights of all CISO team members

Data Leakage Prevention

  • Monitoring of DLP alerts