About our team

We are the ones who reinvent banking every day through digitization solutions and financial education. Annually, 1 in 5 Romanians buy a home using BCR's services and products and 1 in 6 Romanians access loans for personal needs. We are the team that supports growth and financial health through technology and makes it possible for over 500,000 accounts to be opened digitally.

Our Cyber Risk Management team is going to grow that’s why we are looking for two colleagues (execution level)  who could bring know-how, experience and energy to be involved in different challenging projects and achieve team goals.

How you will contribute

• Implementing cyber risk policy framework while considering relevant internal and external regulatory, legal, industry and operational requirements and constrains;
• Contributing to governance and risk management processes to ensure cybersecurity risks are sufficiently addressed;
• Developing, maintaining and facilitating process of defining & monitoring cyber risk appetite, tolerances and limits in tight cooperation with business, IT and risk management and performing cyber risk materiality assessment;
• Defining process and minimum requirements for business environment analysis, IT asset inventory and cyber risk assessment methodology for a purpose of effective 2LoD function;
• Proactively seeking information on major trends and changes in business environment regarding business goals and IT intentions – a key input for cyber risk strategy and management processes;
• Maintaining an oversight of cyber risks using internal and external information sources;
• Review, in cooperation with operative security management, the minimum requirements for cyber risk protection and detection controls, having in scope existing security model of the Bank;
• Defining methodology, aggregation level, implementation scope and proportionality for measurement of cyber risk (KRIs);
• Identifying and addressing material deficiencies towards a risk tolerance through relevant cyber risk management and reporting processes, including improvement measures;
• Driving cyber risk projects and initiatives;
• Gaining and sharing deep knowledge on regulatory, legal requirements and best practice regarding cyber security and incorporate these into framework as well as daily communication with stakeholders.

What will help you be successful

• Bachelor’s degree in Technical University/Banking/Finance/Economy(preferably risk management, computer science, computer engineering, cyber security or related fields); master’s degree is a plus;
• One of following trainings or certificates will be considered a significant competitive advantage: CRISC, CISM, CISSP, SSCP, CISA, COBIT, ITIL;
• Professional experience – at least 3 years in related fields (preferably within a large organization);
• Ability to understand IT systems and the business processes they support, synthesize the corresponding cyber risks and controls, and recommend cyber risk mitigation actions as needed;
• Understanding of cybersecurity risk management and control frameworks (including NIST cybersecurity frameworks);
• Knowledge of cybersecurity related regulations is beneficial;
• Ability to conduct trainings and moderate workshops;
• Excellent presentation and communication skills;
• Organizational, project management and multi-tasking skills with demonstrated ability to manage stakeholder expectations and deliver results with a high level of professionalism and integrity;
• Analytical, conceptual and problem-solving thinking;
• Excellent data processing, analysis and reporting skills;
• Ability to write policies and procedures;
• Ability to effectively prioritize activities and work with tight deadlines red;
• Experience in management consulting is a plus;
• Highly proficient in spoken and written English – advanced level is required (including the specific terminology)

Check out what we provide for our people

• Benefit budget through Benefit online platform;
• Banking and private pension benefits;
• Private medical services;
• Flexible working schedule and work from home policy;
• Accessible & modern head offices in Grozavesti area;
• Up to 27 vacation days depending on your years of experience;
• Days off for unexpected events;
• Free day on your birthday;
• Programs and platforms that allow you to learn anytime, anywhere and from any device.