Data & Information Security Manager Firm Wide

BearingPoint Romania has been present in the management and technology consultancy services since 2007. We have a team of more than 900 employees in Bucharest, Brasov, Cluj-Napoca, Iasi, Sibiu, and Timisoara. We were ranked the #1 Employer in the Consulting industry and one of the best 15 Romanian employers to work for in 2024 by undelucram.ro.
We look for passionate and talented people interested in a rewarding career in business or technology – graduates from technical or business universities, young professionals who want to boost their career start, and senior professionals with deep industry experience or technical knowledge.
BearingPoint Products is all about innovative IP-driven software and digital solutions developed to solve unique business challenges for our international clients. Created by experts – who love technology and who master their craft. Every product team contributes to the success of our Products unit from end to end. We cover all areas of software development, from product management, UI/UX, engineering, testing, and maintenance.
Innovation is the key to us, that is why we work with technologies such as Angular, Node.js, C#, SAP UI5, SAP BTP, and Azure.
Together we are more than business. Join us!

Maintaining the information security processes (ISMS) and related document management, excluding incident management and reporting;

Maintaining and periodically reviewing policies and processes for information security and GDPR-TOMs to enable improving the effectiveness;

Collaborate with other teams to perform a security risk assessment before approving new IT technologies;

Conduct risk assessments including office security checks and support the new IT assets, Technology Partners, and the supplier assessment process;

Support teams and projects and propose practical and pragmatic solutions;

Communication with BearingPoint clients on security-related subjects, including requests for proposals and audit requests;

Be one of the key points of contact for the ISMS /TISAX or other related internal and external audits;

Take action to address the non-compliance with Policies in the organization based on the lessons learned and ensure that the corrections are made and reported back to the auditors as needed;

Establish and manage risk-prevention, detection, correction, and remediation plans;

Create and maintain client documentation on security and compliance topics.





Your skills and preferred qualification



An advanced degree in computer science, information security, natural sciences, and technology or a related discipline, or equivalent work experience;

5-7+ years of professional experience in Data Protection, Information Security, or Cyber Risk;

Experience in the information security and/or data protection domain, including the development and implementation of practical security and/or data protection governance, policies, processes, and standards;

Proficient in English for speaking, reading, and writing. Other languages, such as German, are a plus;

Skilled in conducting risk assessments and formulating effective risk mitigation strategies;

Familiarity with industry standards and frameworks such as ISO/IEC 17799, ISO/IEC 27001, COBIT, ITIL, etc.;

Experience in related domains (e.g. Business Continuity, Disaster Recovery, IT Security, Risk Management, Audit Management) is a plus;

Excellent analytical and conceptual thinking, ability to understand, structure, and prepare/explain complex topics on the appropriate level, depending on context and recipient;

Highly motivated to learn about new topics, technologies, concepts, and business cases.

CISSP/CISM/CISA certification preferred;

Excellent interpersonal skills to work with technical and non-technical colleagues around the world;

Goal-orientated to maintain focus on agreed objectives and deliverables;

Problem-solving skills to identify creative and elegant solutions;

A serious understanding of the fundamentals of IT-/Cybersecurity;

Strong organizational, planning, and documentation skills;

Ability to interpret internal/external business challenges and regulatory requirements to develop and recommend best practices to improve processes or services;

Ability to work multiple priorities in parallel with a proven record of innovation and successful change management;

Willing to understand new areas and follow IT development.

You will join the Global Compliance team as a Data & Information Security Manager, reporting initially directly to the Chief Compliance Officer / Global Data Protection Officer. Depending on your skills and interests, you will be responsible for information security projects and processes, including keeping up and documenting the ISMS. You will collaborate with other departments on various topics related to Information Security and Data Protection, especially with the firm-wide IT Security Team.



Your objective will be to maintain and enhance our data & information security processes in coordination with the Data Protection and the Security team, and to ensure compliance with relevant laws and standards (including ISO27001, TISAX, GDPR (TOMs)).

Within the structure of a global partnership, you will be responsible for the first response to security-related questions from our clients and provide content for relevant external and internal audits and certifications.

About BearingPoint

BearingPoint is an independent management and technology consultancy with European roots and a global reach. We operate in three business units: Consulting, Products, and Capital. Consulting covers the advisory business with a clear focus on selected business areas. Products provides IP-driven digital assets and managed services for business-critical processes. Capital delivers M&A and transaction services.

We are easy to work with. We create lasting outcomes for our consulting clients and when developing award-winning software. We empower people to succeed by sharing knowledge, investing in continuous learning and offering rewarding career paths in a flexible environment. We learn, grow, innovate and support our communities together.

Apply if you want to join our team!

Source: “Top 100 Best Employers in 2023” by undelucram.ro