IT Security & Risk Officer
Vauban joined the GFI Group at the beginning of January 2019. With more than 450 consultants in Romania, Vauban is a leading provider of IT services and innovative applications. Created in 2007, the company has experienced strong growth and has established itself as a reference partner for key accounts in the Banking, Telecom, Industry and Energy sectors.
Requirements
We offer the position of IT Security Officer (ISO), a role within the IT department. You will have important opportunities to develop your career, as our IT organization is part of one regional IT organization serving 5 countries in Central Europe: Romania, Bulgaria, Hungary, Czech Republic, Slovakia. As ISO, you will have the opportunity to work with the IT Operations team and with central and regional teams to reach our global goals: manage IT risks and improve the security posture of the organization.
Mission and Objectives:
Assurance of IT Security and IT Risk Management are two major objectives for the company, as part of the IT Strategy.
The most important objective related to IT Security is to improve the NIST maturity level, following the security initiatives recommended and published by the central security team.
Provide support to business lines and the IT function to identify, monitor and treat IT risks.
The main mission of the ISO is to plan, organize, and execute security-related activities and projects. To carry out this mission, the ISO will work with the Head of IT entity, the Head of IT Operation entity, the central security team (GIS), and the IT Regional Security Team (IT Security & Risk) to find the best solutions for reaching these objectives.
IT Security Area - main responsibilities:
Participate in the deployment of IT Security procedures, part of the IT Governance framework, published by the Central team (Group Information Security).
Perform security checks and validations using the existing procedures.
Implement security tools and systems to improve the overall security of the organization.
Monitor the security solutions to identify security risks that may affect the company.
Participate in the incident management process.
Manage security documentation (compliance check, AIA, Security forms, Security Dashboard, NIST, Cyber Security Plan).
Prepare proof and evidence requested by the central/regional team for all cybersecurity topics.
Calculate and report the main KPIs for IT security.
Assure IT Security governance by participating in all IT security meetings and workshops that are part of the entity's IT Security framework.
Participate in the entity's global IT project portfolio for IT Security projects by estimating, together with the IT Manager, the effort needed to reach objectives in terms of human resources, hardware, software and consultancy, according to the main initiatives identified on PF Central / regional for security topics. Plan, execute and implement projects as established in the project portfolio.
Participate in the preparation, planning, and execution of the IT budget for security, together with the head of IT operations and the head of IT entity.
IT Risk Area - main responsibilities:
Coordinate the implementation of the IT Risk Framework within the local entity.
Perform risk assessments (using risk forms) and consolidate the results in the local risk register.
Monitor and report on the implementation of local risk response plans.
Participate in the creation of dashboards and reports for local and regional management.
Coordinate the periodic review of IT controls.
Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
Provide support to IT continuity functions by ensuring proper risk management.
Participate in the Business Impact Analysis and risk management exercises for both existing and
Create and maintain local procedures and/or work instructions as needed.
Specific study & experience, key competences/skills and behavior are expected.
Studies & Experience:
Bachelor’s in computer science or related IT field; higher education/studies concluded with a bachelor's degree.
3 years’ experience in IT Security/IT Risk field or proven experience in IT security.
Good analytical skills
Excellent communication skills
Knowledge of IT Security / IT Risk methodology: NIST or an alternative cybersecurity / risk methodology
Fluent English practice (written and spoken)
Aptitude to listen, understand the business need
Well organized, rigorous
Respectful of entity rules and processes
Able to negotiate and propose the best compromise
Able to communicate easily
Flexible and accepts evolution, modification
Able to sum up, to advise, to provide expertise
Can work fluently in a project mode
• Interesting salary conditions
• Undetermined period of contract
• Career plan (professional, academic, and financial)
• Medical insurance
• Official trainings and certifications
• Meal tickets
• Yearly professional evaluation
• Professional and friendly working environment