Head of Department


City: Bucuresti
Type of contract: Unlimited
Discipline: Risk management

About our team

BCR is the place where you learn, grow, and contribute to shaping the future of banking. We are recognized as a school of excellence in banking, a top employer in the banking sector, and a team open to learning, where every colleague feels noticed and valued.

We are an organization that values people and supports them in having a life that brings fulfillment, security, and balance.

BCR is seeking a highly experienced and strategic Chief Information Security Officer (CISO) to lead and drive our information security strategy, ensuring the confidentiality, integrity, and availability of our critical assets through robust security management practices. As CISO, you will champion a risk-based approach to security, overseeing all aspects of information security management, including, but not limited to, risk assessment, policy development, access control, incident response, and security awareness training. You will serve as a key advisor to executive management and the Board of Directors on all matters related to cybersecurity, information risk, and effective security management strategies.

How you will contribute

  • Strategic Leadership in Security Management: Develop, implement, and maintain a comprehensive information security management strategy aligned with the bank's business objectives and regulatory requirements, emphasizing a proactive and risk-based approach;
  • Stakeholder Management & Communication: Serve as the primary point of contact for all information security matters, building strong relationships with business units, IT departments, and executive leadership. You will represent the key relationship for business and support units as a manager and risk advisor regarding Information Security and its effective management;
  • Risk Management & Mitigation: Lead the organization's information security risk management program. Identify, assess, and mitigate information security risks across the organization, ensuring alignment with the risk appetite. You will be responsible for reviewing and challenging security measures and behaviors at the 1st Line of Defense (1LoD) level, in conjunction with senior management 1LoD, business line directors, and infrastructure units;
  • Policy & Procedure Development: Develop and maintain comprehensive security policies, standards, and procedures that align with industry best practices and regulatory requirements. Ensure effective communication and implementation of these policies across the organization;
  • Compliance & Audit: Ensure compliance with all applicable laws, regulations, and industry standards related to information security, including GDPR, PSD2, DORA and relevant banking regulations. Manage security audits and assessments, addressing findings and implementing corrective actions;
  • Security Architecture & Design: Oversee the design and implementation of secure IT architectures and systems, ensuring that security controls are integrated throughout the development lifecycle and effectively managed over time;
  • Incident Response & Recovery: Develop and maintain a robust incident response plan to effectively detect, respond to, and recover from security breaches and other incidents. Coordinate Information Security projects. Assist the Bank's response during a crisis situation (Crisis Management).

What will help you be successful

  • Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred;
  • Minimum of 6 years of experience in information security management, with at least 2 years in the financial-banking sector;
  • Minimum of 4 years of experience in a management role, with demonstrated leadership and team-building skills;
  • Extensive knowledge of information security principles, practices, and technologies, including risk management, security architecture, cryptography, and network security;
  • In-depth understanding of relevant regulatory requirements, including GDPR, PSD2, DORA, NIS2 and banking regulations and their impact on security management;
  • Excellent communication, interpersonal, and presentation skills, with the ability to effectively communicate with stakeholders at all levels of the organization, including the Board of Directors;
  • Strong analytical and problem-solving skills, with the ability to identify and assess complex security risks and develop effective management strategies;
  • Relevant certifications such as CISM, CISSP, CGEIT, or CRISC are highly desirable;
  • Proficiency in English is mandatory;
  • Knowledge of technologies like SIEM, intrusion detection and prevention systems, vulnerability scanning tools, and other security-related technologies used in security management;
  • Familiarity with server and database security best practices and their effective management.

Check out what we provide for our people

  • Monthly budget for flexible benefits through the Benefit Online platform;
  • 13th month salary;
  • Performance-based bonus;
  • Banking facilities, benefits for private pension and discounts on insurance policies;
  • Gifts for special occasions;
  • Vacation allowance;
  • Private medical services for you and your family;
  • Hybrid and flexible work schedule;
  • 1 month per year of remote work from abroad (EU);
  • Up to 27 vacation days depending on your professional experience;
  • Extra 7 days off per year if you have used up your vacation days;
  • One day off for your birthday;
  • Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
  • Subscription to Bookster.
