Cyber Security Manager
One of the market leaders in Employee Rewards and Benefits is hiring!
Join the great team of this competitive employer (Bucharest offices) and take the opportunity to work in a fulfilling and stable environment.
The local Cyber Security Manager is responsible for defining and implementing the local Security Policy, in accordance with Group Policy and internal control. He/she is in charge of the implementation of the Security Strategy, policies & processes within his/her scope of responsibilities. He/she manages incident response, in coordination with the Region and the Group Security. He/she shall guarantee the security, confidentiality, integrity, traceability and regulatory compliance of the information system and data.
Adapt, communicate and implement the Information Security Policy to local context:
- Coordinate with Group Security and Internal Control;
- Adapt the policies & define procedures related to security;
- Communicate policies & procedures to relevant stakeholders and ensure proper implementation;
- Raise awareness among all users of IT Security risks (phishing, ransomware, data leakage) and of the security solutions & processes already in place.
IT Security risk assessment:
- Contribute to Projects ensuring appropriate security measures are implemented;
- Evaluate risks, threats & potential impacts;
- Contribute to the deployment of mitigation actions;
- Assess external suppliers and work with legal to include appropriate provisions in contracts;
- Monitor progress and proper implementation of internal & external Audits;
- Support Data Privacy Program;
- Identify local or legal constraints and I&S Security exceptions specific to the local context;
- Report relevant risks, incidents, and plans to Global Head of IT Security for consolidation.
Operational protection of the Information System:
- Relay Infosec communications, ensure appropriate actions are taken & report;
- Coordinate local deployment of Global Security solutions;
- Ensure effective patching & vulnerability management processes working with infrastructure & applications teams;
- Build relevant KPI & dashboard for regular review with IT stakeholders (Antivirus, Proxy, Firewall etc.).
Security Incident Management:
- Implement Security Incident Response procedures in line with Group Security directive;
- Qualify Security Incidents & coordinate response;
- Involve & escalate to the relevant stakeholders locally and at Group Level;
- Lead Post Incident Reviews for process and measure improvements.
- Experienced IT Security or IT Audit practitioner. Ideally ITIL, CISA, CISM or CISSP certified;
- Experience in the management of IT Security Incidents;
- Familiar with ISO2700x standards and risk management frameworks;
- Knowledge of firewall technologies, IDS/IPS solutions, Web Application Firewall, Vulnerability Management tools;
- Strong understanding of GDPR requirements. Knowledge & understanding of relevant legal & regulatory requirements;
- Soft skills: Autonomous, analytical skills, rigorous, methodical, persuasive, dynamic, leadership skills;
- Strong interpersonal and communication skills, ability to manage, motivate & engage teams and interact with people at all levels of the organization;
- Excellent communication skills in both written & oral English.