The Job Holder is accountable for providing effective and efficient Information Security services within and towards OMV Petrom Global Solutions and Business Divisions within OMV Group.
The scope of duties for Job Holder encompass:
- Support Information Security Risk Management and related issues within OMV Petrom Group
- Ensure collaboration with Information Security CoE to facilitate Information Risk analysis and risk management process.
- Responsible that Information Security and risk is adequately represented on relevant business and governance forums in Petrom and is known, integrated and addressed across OMV Petrom Group.
- Responsible for actively contributing to the “Information Security 4.0” program
- Collect, analyse and manage the business impacts for IT and OT application portfolio
- Perform Risk assessments & Gap Analysis for IT/OT systems used in OMV Petrom Group
- Identify and propose Risk treatment measures
- Lead the tracking of implementation of proposed measures out of the Risk treatment plan with strong focus on Petrom projects
- Collect evidence for the established control measures
- Perform the Information Security Risk reporting for Petrom
- Perform the alignment of Information Security topics out of the risk assessments in all business divisions and OPGS
- Provides risk exposure KPI’s to the Information Security KPI dashboard
- Responsible to ensure the administration of CRISAM
- Responsible for quality assurance and Information Security compliance
- Responsible to educate IT security topics in several operational IT delivery discussions
- Responsible to manage projects linked to the Risk Management domain
- Act as an expert in interpretation of regulations, guidelines, policies, and procedures and gather risk-related data from internal or external resources.
- Applies independently the knowledge from area of expertise in accordance with the business requirements and gives guidance to more junior colleagues for problem solving / issue resolution.
- Identifies potential risks in area of expertise and proposes respective solutions for risk mitigation.
- Steers and controls the implementation of IT Security measures to contribute to the Information Security Risk mitigation and the IT-Security maturity level
- Perform security checks and internal audits
- Develops appropriate technical documentation addressed by the CISO
- Defines security controls for the organization and audits the related evidence collection process
- Is responsible for monitoring the implementation of IT Security Standards
- Organizes a project according to OMV Group and guidelines and the project work order. This includes staffing projects together with the corresponding line managers.
- Organizes/communicates information to all concerned parties about the project, especially Service Managers.
- Provides feedback on involved personnel to the disciplinary supervisor.
- Manages the scope of projects within his/her responsibility.
- Performs a proper handover including know-how transfer to a dedicated Service Manager.
- Initiates project related purchase orders ensuring that these orders are aligned with Global Solutions IT standards and guidelines, and coordinates the release of these POs with the corresponding line managers, commercial management and procurement.
- University degree in Computer Science, Engineering or Business
- Excellent (proficiency level) in spoken and written English
- CISSP, CISA or other security certifications
- 7 years of experience in Information security, Governance, Audit and Risk
- Working experience with external Auditors
- Intermediate project management skills.
- Advanced command of English (written and spoken).
- Deep understanding in the area of Risk Management
- Good understanding in one or more areas: Service Continuity Planning, Cyber Security Incident Response, Cryptography, Threat Assessment, Identity and Access Management, Data Protection, Security Architecture and Design
- Very good knowledge of specific application(s), technologies, and processes on IT Security Department level used in own activity and general knowledge of specific application(s), technologies, and processes on Service Line level.
- Strong technical knowledge of Networking, Operating Systems and Enterprise integrations
- Experience in managing standards, developing Security Operations Processes
- Good knowledge and skills of Microsoft Office (Microsoft Excel, Microsoft Word, Microsoft Outlook).
- Implementing Information Security services / processes in the area of responsibility
- Advanced ability to recognizes, communicate, and mitigate information and technology risk
- Advanced knowledge of processes, roles and responsibilities on team level.
- Good understanding of functional relations and interdependencies.
- Identifies opportunities to improve activity, processes, and regulations.
- Solid knowledge and understanding of related legislations / norms, internal rules/guidelines, in multiple areas/team level.
- Ability to support elaboration of internal rules and guidelines.
- Specific certifications in the respective discipline or equivalent education along with solid occupational experience in the related field.
- Awareness regarding Information Security.
- Proven ability to adjust to complex new tasks & situations in an effective manner, for own scope of responsibility and as role model for more junior colleagues.
- Ability to define individual objectives in line with team / department objectives.
- Supports more junior colleagues for the definition of objectives, career development and identification of training needs.
- Good to advanced execution skills proved by ability to adjust new tasks & situations in an effective manner, showing flexibility in the way of thinking and acting.
- Solid ability to innovate, suggesting improvements to the work related to own and adjacent activities, participation in developing solutions to complex problems and identify opportunities to improve activities.
- Solid communication, negotiation and interaction skills, decision taker and promoter management decisions, good presentation skills.
Sponsors & Partners
They help us make this conference possible.
Orange Romania is the leader of the local telecom market and part of the Orange Group, one of the largest global telecommunications operators, connecting hundreds of millions of customers worldwide. With over 11 million customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions to its customers, both individual users and companies, from basic services up to complete voice services, fixed and mobile data, TV services or smart home services, but also mobile financial services. Orange is also a leader in innovation investing yearly over 200 million euros in network infrastructure and R&D initiatives in Romania. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance. In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.
Orange Services was created in 2013 and is a 100% owned subsidiary of Orange Group. As a technology services company, our DNA is in IT, but our teams also work in other domains including mobile networks and a number of commercial and business functions. Orange Services is one of the largest technology hubs in the Orange Group, working internationally for both Orange corporate functions and country operations. Through a unique combination of cutting edge know-how and expertise, our teams provide a broad range of services: development and supervision of IT services in domains such as Big Data, Cloud, M2M, IoT, TV, Connected Objects; design and development of IT infrastructure and desktop solutions; testing & planning for mobile networks; implementation of supply chain solutions and also improvement of commercial & business performance including BI, CRM, Analytics, Digital learning and Customer Care. Visit us on LinkedIn.