The Job Holder is accountable for providing effective and efficient Information Security services within and towards OMV Petrom Global Solutions and Business Divisions within OMV Group.
The scope of duties for the Job Holder encompasses:
- Support Information Security Risk Management and related issues within OMV Petrom Group
- Ensure collaboration with Information Security CoE to facilitate Information Risk analysis and risk management process.
- Responsible for ensuring that Information Security and risk are adequately represented on relevant business and governance forums in Petrom and are known, integrated and addressed across OMV Petrom Group.
- Responsible for actively contributing to the “Information Security 4.0” program
- Collect, analyse and manage the business impacts for IT and OT application portfolio
- Perform Risk assessments & Gap Analysis for IT/OT systems used in OMV Petrom Group
- Identify and propose Risk treatment measures
- Lead the tracking of implementation of proposed measures out of the Risk treatment plan with strong focus on Petrom projects
- Collect evidence for the established control measures
- Perform the Information Security Risk reporting for Petrom
- Perform the alignment of Information Security topics out of the risk assessments in all business divisions and OPGS
- Provides risk exposure KPIs to the Information Security KPI dashboard
- Responsible for ensuring the administration of CRISAM
- Responsible for quality assurance and Information Security compliance
- Responsible for providing education on IT security topics in several operational IT delivery discussions
- Responsible for managing projects linked to the Risk Management domain
- Act as an expert in interpretation of regulations, guidelines, policies, and procedures and gather risk-related data from internal or external resources.
- Applies independently the knowledge from area of expertise in accordance with the business requirements and gives guidance to more junior colleagues for problem solving / issue resolution.
- Identifies potential risks in area of expertise and proposes respective solutions for risk mitigation.
- Steers and controls the implementation of IT Security measures to contribute to the Information Security Risk mitigation and the IT-Security maturity level
- Perform security checks and internal audits
- Develops appropriate technical documentation addressed by the CISO
- Defines security controls for the organization and audits the related evidence collection process
- Is responsible for monitoring the implementation of IT Security Standards
- Organizes a project according to OMV Group and guidelines and the project work order. This includes staffing projects together with the corresponding line managers.
- Organizes/communicates information to all concerned parties about the project, especially Service Managers.
- Provides feedback on involved personnel to the disciplinary supervisor.
- Manages the scope of projects within his/her responsibility.
- Performs a proper handover including know-how transfer to a dedicated Service Manager.
- Initiates project related purchase orders ensuring that these orders are aligned with Global Solutions IT standards and guidelines, and coordinates the release of these POs with the corresponding line managers, commercial management and procurement.
- University degree in Computer Science, Engineering or Business
- Excellent (proficiency level) in spoken and written English
- CISSP, CISA or other security certifications
- 7 years of experience in Information security, Governance, Audit and Risk
- Working experience with external Auditors
- Intermediate project management skills.
- Advanced command of English (written and spoken).
- Deep understanding in the area of Risk Management
- Good understanding in one or more areas: Service Continuity Planning, Cyber Security Incident Response, Cryptography, Threat Assessment, Identity and Access Management, Data Protection, Security Architecture and Design
- Very good knowledge of specific application(s), technologies, and processes on IT Security Department level used in own activity and general knowledge of specific application(s), technologies, and processes on Service Line level.
- Strong technical knowledge of Networking, Operating Systems and Enterprise integrations
- Experience in managing standards, developing Security Operations Processes
- Good knowledge and skills of Microsoft Office (Microsoft Excel, Microsoft Word, Microsoft Outlook).
- Implementing Information Security services / processes in the area of responsibility
- Advanced ability to recognize, communicate, and mitigate information and technology risk
- Advanced knowledge of processes, roles and responsibilities on team level.
- Good understanding of functional relations and interdependencies.
- Identifies opportunities to improve activity, processes, and regulations.
- Solid knowledge and understanding of related legislation / norms, internal rules/guidelines, in multiple areas/team level.
- Ability to support elaboration of internal rules and guidelines.
- Specific certifications in the respective discipline or equivalent education along with solid occupational experience in the related field.
- Awareness regarding Information Security.
- Proven ability to adjust to complex new tasks & situations in an effective manner, for own scope of responsibility and as role model for more junior colleagues.
- Ability to define individual objectives in line with team / department objectives.
- Supports more junior colleagues for the definition of objectives, career development and identification of training needs.
- Good to advanced execution skills proved by ability to adjust to new tasks & situations in an effective manner, showing flexibility in the way of thinking and acting.
- Solid ability to innovate, suggesting improvements to the work related to own and adjacent activities, participation in developing solutions to complex problems and identify opportunities to improve activities.
- Solid communication, negotiation and interaction skills, decision taker and promoter of management decisions, good presentation skills.