The Job Holder is accountable for providing effective and efficient Information Security services within and towards OMV Petrom Global Solutions and Business Divisions within OMV Group.
The scope of duties for Job Holder encompass:
- Responsible for determining the information security requirements for business/IT projects by evaluating business strategies and requirements. Provide Information Security guidance to project managers and OPGS IT experts, in line with OMV Petrom’s Information Security standards, industry standards and best practices.
- Supporting Information Security audits and compliance checks
- Responsible for measure tracking and for steering adequate implementation of Information Security measures
- Manage projects linked to the risk mitigation program
Responsible for actively contributing to the “Information Security 4.0” program
- Provides IT Security expertise/guidance and advice in relevant projects and initiatives
- Supports Information Security audits (ISO27001, PCI DSS 3.0, NIS EU Directive, GDPR, adhoc).
- Analyses and assesses IT risks (cybersecurity, data protection and confidentiality, technology change, technology reliability) assumed by the business.
- Supports definition of Information Security audit schedule that considers business goals and appropriate security priorities.
- Supports internal processes audit against OMV Petrom’s Information Security standards and procedures.
- Controls and guides IT Security projects; support the implementation of a group wide “Information Security Policy”, standards, processes and guidelines and ensure their compliance via project checks and audits
- Manages evidences for risk based controls and its quality level
- Identifies and proposes Risk treatment measures
- Collects evidence for the established control measures
- Creates and optimizes monthly security reports
- Supervises, distributes and solves security approval tickets
- Responsible for quality assurance and Information Security compliance
- Applies independently the knowledge from area of expertise in accordance with the business requirements and gives guidance to more junior colleagues for problem solving / issue
- Guides and manages the common set of compliance policies and other technical and procedural documentation and promote ongoing awareness of regulations.
- Identifies potential risks in area of expertise and proposes respective solutions for risk mitigation.
- Reviews security technologies, tools and services, and make recommendations for their use, based on security, financial and operational metrics
- Steers and controls the implementation of IT Security measures to contribute to the Information Security Risk mitigation and the IT-Security maturity level
- Defines security controls for the organization and audits the related evidence collection process
- Is responsible for monitoring the implementation of IT Security Standards
- Supports internal security awareness and training programs for IT and OT to drive changes in staff behavior to reduce overall risk to the organization.
- Organizes a project according to OMV Group guidelines and the project work order. This includes staffing projects together with the corresponding line managers.
- Organizes/communicates information to all concerned parties about the project, especially Service Managers.
- Provides feedback on involved personnel to the disciplinary supervisor.
- Develops appropriate technical documentation addressed by the CISO
- Manages the scope of projects within his/her responsibility.
- Performs a proper handover including know-how transfer to a dedicated Service Manager.
- University degree in Computer Science, Engineering or Business
- Excellent (proficiency level) in spoken and written English
- CISSP, CISA or other security certifications
- 7 years of experience in IT, Information security and Governance.
- Advanced project management skills.
- Advanced command of English (written and spoken).
- Deep understanding in the area of Risk Management
- Good understanding in one or more areas: Service Continuity Planning, Cyber Security Incident Response, Cryptography, Threat Assessment, Identity and Access Management, Data Protection, Security Architecture and Design
- Very good knowledge of specific application(s), technologies, and processes on IT Security Department level used in own activity and general knowledge of specific application(s), technologies, and processes on Service Line level.
- Strong technical knowledge of Networking, Operating Systems and Enterprise integrations
- Experience in managing standards, developing Security Operations Processes
- Ability to recognizes, communicate, and mitigate information and technology risk
- Capability to evaluate business risk and to enforce appropriate information security measures.
- Ability to analyze IT security issues, manage conflicting priorities, and recommend a course of action with both technical and business perspective.
- Good knowledge and skills of Microsoft Office (Microsoft Excel, Microsoft Word, Microsoft Outlook).
- Implementing Information Security services / processes in the area of responsibility
- Advanced knowledge of processes, roles and responsibilities on team level.
- Good understanding of functional relations and interdependencies.
- Identifies opportunities to improve activity, processes, and regulations.
- Solid knowledge and understanding of related legislations / norms, internal rules/guidelines, in multiple areas/team level.
- Ability to support elaboration of internal rules and guidelines.
- Specific certifications in the respective discipline or equivalent education along with solid occupational experience in the related field.
- Awareness regarding Information Security.
- Proven ability to adjust to complex new tasks & situations in an effective manner, for own scope of responsibility and as role model for more junior colleagues.
- Ability to define individual objectives in line with team / department objectives.
- Supports more junior colleagues for the definition of objectives, career development and identification of training needs.
- Good to advanced execution skills proved by ability to adjust new tasks & situations in an effective manner, showing flexibility in the way of thinking and acting.
- Solid ability to innovate, suggesting improvements to the work related to own and adjacent activities, participation in developing solutions to complex problems and identify opportunities to improve activities.
- Solid communication, negotiation and interaction skills, decision taker and promoter management decisions, good presentation skills.
Sponsors & Partners
They help us make this conference possible.
Orange „brings you closer to what matters to you”.
This is our brand promise: to bring our clients closer to what’s essential to them and to keep them always connected and in touch with the latest technologies, by offering them the best and safest communication experience.