Information Risk Manager
ALTEN Romania, a subsidiary of ALTEN Group – with a unique position as a European Leader in IT & Engineering Consulting, was established in 2006 in Bucharest, with the aim to provide technical consulting for the customers of this specific market. Since its inception, the company grew and now has offices in Bucharest, Timisoara, Sibiu and Cluj-Napoca.
Through its team of over 300 specialists in software development, business analysis, business intelligence, PMO, Project Management, testing, technical support, automotive and aerospace engineering, ALTEN Romania is providing specialized services, both on the local and international markets in business sectors such as: aerospace, automotive, finances, pharmaceutics and telecom.
ALTEN Romania has a technical team of consultants and experts in engineering specialized in CATIA V5, NewPDM, SolidWorks, Matlab/Simulink, HIL, Autosar and others, while the IT Division has precise specializations like: Java, .NET, PHP, C#, C++, SIEBEL, Informatica PowerCenter, Cognos, MS BI and Oracle BI, BSCS and more.
• At least 3 years acting as a senior information risk officer or similar role
• At least 3 years experience working within the financial industry is considered an advantage
• Knowledge of information security principles and concepts, risk management concepts, IT security standards and best practices
• Good understanding of technical concepts related to networking, infrastructure and application security, endpoint technologies, physical and virtual data center hosting
• Experience in the design, development, implementation and operational support of mission critical solutions in large scale environments and organizations and security controls for these solutions
• Experience in monitoring activities of IT controls at both technical and operational level
• Any of the following would be an advantage: CompTIA Security+, CCNA, CCNA Security, SSCP, CISSP, CISM, CRISC, CISA, CEH
• BA/BS degree (IT, Automatics & Computer Science, Cybernetics, Electronics preferred), or equivalent experience, security qualifications and accreditation
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
• Oversee as well as being involved in the activities of the information risk division
• Perform Business Impact Assessments and Risk Assessments on information assets, projects or programs with IT component
• Oversee specific fist line of defense IT operations reacting to IT risks, events and incidents
• Test the design and effectiveness of IT controls and report on residual risk levels
• Recommend controls for the identified risks, agree action plans and closely monitor them until completion
• Active involvement in projects providing input/advice on information risk and security aspects at different stages of the project life-cycle: business requests, contracting phase, assessment of external potential external partners, solution and controls design, assessment of final deliverables
• Develop and/or review documentation such as: policies, procedures, standards, external connections, operational security guidelines, test results, etc.
• Responsible with developing and implementing Information Security culture, education and awareness programs
• Support IT department in keeping an accurate and up to date Disaster Recovery Plan in line with criticality of business systems resulted from Business Impact Assessments and Recovery Time / Point Objectives confirmed with Business Owners in order to ensure adequate design and effectiveness of the Continuity controls implemented
• Maintain, review and test business continuity plans to ensure that the company is prepared to optimally react in case of crisis.