Team Leader IT Security Officer

About Inetum, Positive digital flow:

Inetum is an IT services company that provides digital services and solutions and a global group that helps companies and institutions to get the most out of digital flow. The Inetum group is committed towards all these players to innovate, continue to adapt and stay ahead. With its multi-expert profile, Inetum offers its clients a unique combination of proximity, a sectorial organization and solutions of industrial quality. Operating in more than 26 countries, the Group has nearly 27,000 employees and in 2020 generated revenues of €1,965 billion.

Inetum Romania is an important player in the IT services and solutions market in our country, with over 15 years of activity. It is a stable, growing and profitable company with over 500 employees who provides IT consulting services, infrastructure and software development assistance, digital services implementation and support.

In an Agile format, our teams work on cloud initiatives, application development, business intelligence, automation and digitalization projects that contribute to the profit and evolution of our clients. The diversity of our projects offers team members the opportunity for learning and growth. The company had a turnover of 20 million EURO in 2021.

• Communication and negotiation skills;
• Analysis and synthesis capability;
• Correlation capacity between events;
• Distributive attention;
• Results and customer oriented;
• Team spirit;
• Self-organizing capacity;
• Punctuality in carrying out tasks;
• Independent working capacity;
• Initiative;
• Good interpersonal skills at all levels;
• Self-Motivated;
• Flexible and able to adapt to change;
• A highly visible people oriented style with the assertiveness, determination and relationship building skills to challenge objectives and ensure positive results;
• Good influencing skills and a positive opinion leader;
• Positive, enthusiastic attitude;
• Calm and patient under pressure;
• Must demonstrate drive and enthusiasm to take positive action and progress projects to a conclusion.

Job’s objectives
• Manage Group Cyber Security framework to control IT & Cyber Security risks;
• Management of the IT security and risk control plan;
• Establish Cyber Security requirements for partners (3rd parties);
• Improves business continuity through IT security and risk controls;
• Presents reports, risks assessments and the relevant information to management;
• Perform technology and regulatory watch in domain of competence;
• Member of the first line of defense and directly reports to the CEO.

Governance
• Implement and provide Governance ITRM Group framework and supporting processes for the IT Governance, Compliance, Continuity & Security domains;
• Provide Governance for security activities within company, in accordance with Group requirements, Best practices and Industry standards.

IT Risk & Cyber Management framework
• Implement the IT Risk framework as per policy ITG0051 for IT Security, IT Continuity, IT Compliance & IT Governance;
• Ensure alignment of practices (i.e. risk evaluation criteria and thresholds, risk matrices/heatmaps) across all risk domains in accordance with Group practices;
• Supervise IT risk management as per ITG0051, focusing Information Security, Compliance & Continuity;
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization. Maintain a risk register to ensure that all identified risk factors are recorded;
• Establish enterprise risk management strategy & present to local Management;
• Manage Risk Acceptance Forms and ensures Accepted Risks are reviewed regularly;
• Develop a IT risk awareness program and conduct training to ensure that:
a. Stakeholders understand risk and contribute to the risk management process
b. Promote a IT risk-aware culture
• Support implementation of risk response plans ensuring that risk factors and events are addressed.

IT Risk Monitoring (delegated to Security Team Members)
• Monitor and report deviations to the IT Risk framework;
• Monitor risk and inform relevant stakeholders ensuring effectiveness of risk management strategy. This includes the monitoring of response plans;
• Request independent risk and process reviews to ensure that risks are managed effectively;
• Report risk & compliance, initiate corrective actions and meet business and regulatory requirements.

IT Control Execution (delegated to Security Team Members)
• Perform Group controls. Perform locally defined controls;
• Evaluate the current state of process maturity & compare to targeted maturity;
• Identify control deficiencies and maturity gaps. Ensure that deficiencies are appropriately considered and remediated;
• Maintain adequate evidence to support conclusions on the existence and operating effectiveness of controls.

3rd Party Management
• Manage 3rd party suppliers from a Security, Compliance and Continuity perspective, in such a way that Group requirements are met. Reviews quality of service in competence domain.

Cyber Security Incident Management
• Implements and manages Cybersecurity Incident Response plan. Ensures plan is comprehensive and effective. Ensures that all involved partners are prepared and aware of their role
• Leads CSIRT team. Negotiates with partners, Group and 3rd parties to ensure adequate coverage – including skillset and equipment.
• Liaise with Data Protection Officer & Chief Data Officer

Team Management
• Manage Security Team. Participate in management meetings focusing on Security aspect of initiatives;
• Estimate effort, priority, skillset. Performs resource management. Prioritizes initiatives in order to meet requirements and planned activities;
• Grows, develops and motivates team members

Benefits:
• Annual bonus (correlated with performance);
• Meal tickets (9,57 Ron/ticket);
• Medical subscription for employee and his children – Sanador;
• 24 vacation days;
• Gym discounts - 7Card;
• Bookster - virtual library;
• 1day/work from home (after 3 months);
• Christmas party.