Senior Expert IT Security Risk Management & Compliance (DC-0020)

The Job Holder is accountable for providing effective and efficient Information Security services within and towards OMV Petrom Global Solutions and Business Divisions within OMV Group.

The scope of duties for the Job Holder encompasses:

  • Support Information Security Risk Management and related issues within OMV Petrom Group
  • Ensure collaboration with Information Security CoE to facilitate Information Risk analysis and risk management process.
  • Responsible for ensuring that Information Security and risk are adequately represented on relevant business and governance forums in Petrom and are known, integrated and addressed across OMV Petrom Group.
  • Responsible for actively contributing to the “Information Security 4.0” program

      Main Accountabilities

      • Collect, analyse and manage the business impacts for IT and OT application portfolio
      • Perform Risk assessments & Gap Analysis for IT/OT systems used in OMV Petrom Group
      • Identify and propose Risk treatment measures
      • Lead the tracking of implementation of proposed measures out of the Risk treatment plan with strong focus on Petrom projects
      • Collect evidence for the established control measures
      • Perform the Information Security Risk reporting for Petrom
      • Perform the alignment of Information Security topics out of the risk assessments in all business divisions and OPGS
      • Provides risk exposure KPIs to the Information Security KPI dashboard
      • Responsible for ensuring the administration of CRISAM
      • Responsible for quality assurance and Information Security compliance
      • Responsible for providing education on IT security topics in several operational IT delivery discussions
      • Responsible for managing projects linked to the Risk Management domain
      • Act as an expert in interpretation of regulations, guidelines, policies, and procedures and gather risk-related data from internal or external resources.
      • Applies independently the knowledge from area of expertise in accordance with the business requirements and gives guidance to more junior colleagues for problem solving / issue resolution.
      • Identifies potential risks in area of expertise and proposes respective solutions for risk mitigation.
      • Steers and controls the implementation of IT Security measures to contribute to the Information Security Risk mitigation and the IT-Security maturity level
      • Perform security checks and internal audits
      • Develops appropriate technical documentation addressed by the CISO
      • Defines security controls for the organization and audits the related evidence collection process
      • Is responsible for monitoring the implementation of IT Security Standards
      • Organizes a project according to OMV Group and guidelines and the project work order. This includes staffing projects together with the corresponding line managers.
      • Organizes/communicates information to all concerned parties about the project, especially Service Managers.
      • Provides feedback on involved personnel to the disciplinary supervisor.
      • Manages the scope of projects within his/her responsibility.
      • Performs a proper handover including know-how transfer to a dedicated Service Manager.
      • Initiates project related purchase orders ensuring that these orders are aligned with Global Solutions IT standards and guidelines, and coordinates the release of these POs with the corresponding line managers, commercial management and procurement.

      Job Requirements


      • University degree in Computer Science, Engineering or Business
      • Excellent (proficiency level) in spoken and written English
      • CISSP, CISA or other security certifications



      • 7 years of experience in Information security, Governance, Audit and Risk
      • Working experience with external Auditors
      • Intermediate project management skills.



      • Advanced command of English (written and spoken).
      • Deep understanding in the area of Risk Management
      • Good understanding in one or more areas: Service Continuity Planning, Cyber Security Incident Response, Cryptography, Threat Assessment, Identity and Access Management, Data Protection, Security Architecture and Design
      • Very good knowledge of specific application(s), technologies, and processes on IT Security Department level used in own activity and general knowledge of specific application(s), technologies, and processes on Service Line level.
      • Strong technical knowledge of Networking, Operating Systems and Enterprise integrations
      • Experience in managing standards, developing Security Operations Processes
      • Good knowledge and skills of Microsoft Office (Microsoft Excel, Microsoft Word, Microsoft Outlook).
      • Implementing Information Security services / processes in the area of responsibility
      • Advanced ability to recognize, communicate, and mitigate information and technology risk
      • Advanced knowledge of processes, roles and responsibilities on team level.
      • Good understanding of functional relations and interdependencies.
      • Identifies opportunities to improve activity, processes, and regulations.
      • Solid knowledge and understanding of related legislations / norms, internal rules/guidelines, in multiple areas/team level.
      • Ability to support elaboration of internal rules and guidelines.
      • Specific certifications in the respective discipline or equivalent education along with solid occupational experience in the related field.
      • Awareness regarding Information Security.
      • Proven ability to adjust to complex new tasks & situations in an effective manner, for own scope of responsibility and as role model for more junior colleagues.
      • Ability to define individual objectives in line with team / department objectives.
      • Supports more junior colleagues for the definition of objectives, career development and identification of training needs.
      • Good to advanced execution skills proved by ability to adjust to new tasks & situations in an effective manner, showing flexibility in the way of thinking and acting.
      • Solid ability to innovate, suggesting improvements to the work related to own and adjacent activities, participating in developing solutions to complex problems and identifying opportunities to improve activities.
      • Solid communication, negotiation and interaction skills, decision taker and promoter of management decisions, good presentation skills.
