IT Security & Risk Officer

About Inetum, Positive digital flow:

Inetum is an IT services company that provides digital services and solutions and a global group that helps companies and institutions to get the most out of digital flow. The Inetum group is committed towards all these players to innovate, continue to adapt and stay ahead. With its multi-expert profile, Inetum offers its clients a unique combination of proximity, a sectorial organization and solutions of industrial quality. Operating in more than 26 countries, the Group has nearly 27,000 employees and in 2020 generated revenues of €1,965 billion.

Inetum Romania is an important player in the IT services and solutions market in our country, with over 15 years of activity. It is a stable, growing and profitable company with over 500 employees who provides IT consulting services, infrastructure and software development assistance, digital services implementation and support.

In an Agile format, our teams work on cloud initiatives, application development, business intelligence, automation and digitalization projects that contribute to the profit and evolution of our clients. The diversity of our projects offers team members the opportunity for learning and growth. The company had a turnover of 20 million EURO in 2021.

Job proposal:

We offer position of IT Security Officer (ISO), part of IT department role. You will have important opportunities for evolution in your career as our IT organization is part of one regional IT
organization, serving 5 countries in Central Europe: Romania, Bulgaria, Hungary, Czech Republic, Slovakia. As ISO, you will have the opportunity to work with IT Operations team, central and regional teams to reach our global goals: manage IT risks and improve the security posture of the organization.

Mission and Objectives:
 Assurance of IT Security and IT Risk Management are two major objectives for company, part of IT Strategy
 The most important objective related with IT Security is to improve maturity NIST level, following security initiatives recommended and published by central security team.
 Provide support to business lines and IT function to identify, monitor and treat IT risks.
 Main mission of ISO should be to plan, organize, and execute security related activities and projects. In order to execute his mission, ISO will work with Head of IT entity, Head of IT Operation entity, central security team (GIS) , IT Regional Security Team (IT Security & Risk) in order to find the best solutions for reaching objectives.

IT Security Area- main responsibilities:

 Participate to deployment of IT Security procedures, part of IT Governance framework, published by Central team (Group Information Security).
 Perform security checks and validations using the existing procedures.
 Implement security tools and systems to improve the overall security of the organization.
 Monitor the security solutions to identify security risks that may affect the company.
 Participate in the incident management process.
 Manage security documentation (compliance check, AIA, Security forms, Security Dashboard,
 NIST, Cyber Security Plan).
 Prepare proofs and evidences requested by central/regional team for all cybersecurity topics.
 Calculate and report main KPI for IT security.
 Assure IT Security governance, by participating to all IT security meetings and workshops, part of IT Security framework of entity.
 Participate to entity global IT project portfolio for IT Security project, by establishing efforts in terms of human resources, hardware, software, consultancy needed for reaching objectives together with IT Manager, according to main initiatives identified on PF Central / regional for security topics. Plan, execute and implement projects as was established inside of project portfolio.
 Participate to preparation, plan, and execution of IT Budget for security, together with head of IT operations and head of IT entity.

IT Risk Area - main responsibilities:

 Coordinate the implementation of the IT Risk Framework within the local entity.
 Perform risk assessments (using risk forms) and consolidate the results in the local risk register.
 Monitor and report on the implementation of local risk response plans.
 Participate in the creation of dashboards and reports for local and regional management.
 Coordinate the periodic review of IT controls.
 Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
 Provide support to IT continuity functions by ensuring proper risk management.
 Participate in the Business Impact Analysis and risk management exercises for both existing and
 new services.
 Creation and maintenance of local procedures and/or work Instructions as needed.

Requirements:
 Specific study & experience, key competences/skills and behavior are expected.

Studies & Experience:
 Bachelor’s in computer science or related IT field; Higher education /studies concluded with a bachelor's degree.
 3 years’ experience in IT Security/IT Risk field or proven experience in IT security.

Key competencies/skills:
 Good analytical skills
 Excellent communication skills

Key competencies:
 Knowledge on IT Security /IT Risks methodology: NIST or alternative cybersecurity / risk methodology
 Fluent English practice (written and spoken)

Transversal behavior:
 Aptitude to listen, understand the business need
 Well organized, rigorous
 Team spirit
 Respectful of entity rules and processes
 Able to negotiate and propose the best compromise
 Able to communicate easily
 Flexible and accepts evolution, modification
 Able to sum up, to advice, to provide expertise
 Can work fluently in a project mode
 Availability

.

Benefits:

• Interesting salary conditions
• Undetermined period of contract
• Career plan (professional, academic, and financial)
• Medical insurance
• Official training's and certifications
• Meal tickets
• Yearly professional evaluation
• Professional and friendly working environment