Information Risk Manager

ALTEN Romania, part of the international ALTEN Group - with a unique position as Leader in IT & Engineering Consulting, provides support for its clients’ development strategies in the fields of innovation, R&D and IT systems since 1996. The company comprises 2 divisions specialized on its core capabilities: ENGINEERING and IT. These two divisions are: ALTEN TECHNO and ALTEN IT.

• At least 3 years acting as a senior information risk officer or similar role
• At least 3 years experience working within the financial industry is considered an advantage
• Knowledge of information security principles and concepts, risk management concepts, IT security standards and best practices
• Good understanding of technical concepts related to networking, infrastructure and application security, endpoint technologies, physical and virtual data center hosting
• Experience in the design, development, implementation and operational support of mission critical solutions in large scale environments and organizations and security controls for these solutions
• Experience in monitoring activities of IT controls at both technical and operational level
• Any of the following would be an advantage: CompTIA Security+, CCNA, CCNA Security, SSCP, CISSP, CISM, CRISC, CISA, CEH
• BA/BS degree (IT, Automatics & Computer Science, Cybernetics, Electronics preferred), or equivalent experience, security qualifications and accreditation
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.

• Oversee as well as being involved in the activities of the information risk division
• Perform Business Impact Assessments and Risk Assessments on information assets, projects or programs with IT component
• Oversee specific fist line of defense IT operations reacting to IT risks, events and incidents
• Test the design and effectiveness of IT controls and report on residual risk levels
• Recommend controls for the identified risks, agree action plans and closely monitor them until completion
• Active involvement in projects providing input/advice on information risk and security aspects at different stages of the project life-cycle: business requests, contracting phase, assessment of external potential external partners, solution and controls design, assessment of final deliverables
• Develop and/or review documentation such as: policies, procedures, standards, external connections, operational security guidelines, test results, etc.
• Responsible with developing and implementing Information Security culture, education and awareness programs
• Support IT department in keeping an accurate and up to date Disaster Recovery Plan in line with criticality of business systems resulted from Business Impact Assessments and Recovery Time / Point Objectives confirmed with Business Owners in order to ensure adequate design and effectiveness of the Continuity controls implemented
• Maintain, review and test business continuity plans to ensure that the company is prepared to optimally react in case of crisis.