Information Security Specialist
Voted the Most Desired Employer in Romania, in the Financial Services Industry, three consecutive times, in the Catalyst surveys, Deloitte Romania provides services in audit, tax, legal, consulting, financial advisory, risk advisory, business processes as well as technology services, through 2,000 professionals. The Regional Audit Delivery Center (RADC) provides Audit services to various Country Member Firms from Deloitte Central Europe and to their clients. The Tax & Legal Delivery Center (TLDC) offers services focused on 5 service lines: GES (Global Employer Services), Business Tax, Global Tax Center Europe, Global Trade Advisory (GTA) and Legal Center of Excellence (CoE).
Worldwide, Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories, with over 330,000 professionals. The organization is recognized among “World’s Best Workplaces™” by Great Place to Work® and Fortune and among “World’s Most Attractive Employers”, by Universum, according to 2020 surveys.
We believe that innovation comes from contrasting disciplines, backgrounds and cultural perspectives and that the innovative solutions our people deliver have to always make an impact that matters. We celebrate individual strengths and we prioritize our people’s well-being.
You bring the ambition, we’ll provide the opportunities.
• Degree in computer science or equivalent
• At least 2 years of experience in the Information Security area
• Comfortable with information technology, systems and data
• Knowledge of administrative, technical/logical and physical information security controls
• Familiarity with the ISO 27001:2013 family of standards, NIST, COBIT, ITIL is an advantage
• Proficiency in Microsoft Office
• English – advanced level, both written and spoken
• Analytical skills and thoroughness
• Good communication skills and a service-quality orientation
• Sense of responsibility and willingness to learn new systems and processes
Documentation Life Cycle Management
• Manage the information security document lifecycle process;
• Maintaining and developing Information Security documentation, including but not limited to policies, standards, procedures and guidelines, according to DTTL, regulatory, business and security requirements;
• Periodical review and update of the Information Security documentation;
• Performing GAP analysis against requirements stated in the Information Security documentation;
• Acting as an SME in the area of Information Security Policies. This includes, but is not limited to, advice on how to interpret and implement requirements;
Client Security Assistance
• Ensuring compliance with Client security requirements through the following:
o Review of and comment on the Client Security Questionnaire;
o Review of and comment on information security related parts;
• Acting as an SME in the area of the Clients’ Information Security requirements assessment process, including close cooperation with the Privacy and Confidentiality Office and the Legal Department;
• Support with Client information security audits.
• Monitoring mitigation status of audit findings
• Close cooperation with PMO (Project Management Office) in the area of change management process that requires security involvement
CISO Office Administration
• Maintaining the service catalogue for the CISO Office
• Maintaining the list of processes performed by the CISO Office
• Preparation and maintenance of process maps for the CISO Office
• Maintenance of the Security website
• Support with the Internal and External Information Security audits
• Close cooperation with the Information Security Risk Management Specialist in the area of mitigation of the identified risks.
• Gathering of information from all CISO team members regarding closed, ongoing and planned long and short-term activities, achievements, challenges and topics that require leadership decision or approval;
• Preparation of security dashboard for Information Security and Business Continuity Council;
• Preparation of security dashboard for Reputation and Risk Leader (RRL);
• Updating information about KRI (Key Risk Indicators);
• Other reporting activities required by the leadership;
• Maintenance and update of Security Intranet.
Access Rights Management and Review
• Management of access rights to the resources owned by CISO
• Review of access rights to the resources managed by CISO
• Review of access rights of all CISO team members
Data Leakage Prevention
• Monitoring of DLP alerts