Share this Job
Apply now »

IT Security Manager_ChangeTheBank

IT Security Manager_ChangeTheBank

City:  Bucuresti
Type of contract:  Unlimited
Discipline:  IT

About Our Team


We are more than 5000 people at BCR and each and every one of us is different. We like to believe that our diversity of ideas, attitudes, passions, feelings and origins make our culture more beautiful and our jobs more meaningful.


We are looking for a talented colleague to join our team of Information Security (Security Governance & Change Oversight Team) and take the role of Security Manager within BCR Group.

In this role you will be part of a team responsible for assurance, design and implementation of cyber security projects.


How you will contribute


  • Proactively identify security issues and potential threats, ensuring awareness of the latest threats, and continuously building processes and design systems to watch for and protect against them;
  • Educate the business and IT colleagues about security threats and implement threat protection measures at project and Bank level;
  • Define and propose policies, procedures and internal / local regulations specific to IT security regarding the realization / administration / use of processes and IT resources that ensure information security in accordance with Group policies and with the legislation in force;
  • Define and supervise the implementation of technological security requirements for the IT infrastructure;
  • Evaluate the execution / testing of action plans in case of security incidents;
  • Participate in investigations and report to the higher hierarchical level their result regarding the theft of information, destruction, modification and other aspects regarding the access and unauthorized use of IT resources;
  • Evaluate the security risks and test the changes within the IT infrastructure or systems proposed through the Change Management process or results from operational software maintenance and updating activities;
  • Challenge the assessment of risks associated with new products, business initiatives and material project change and ensure adequate 1st line deployment of appropriate controls to mitigate risks;
  • Guide and drive security initiatives through scheduled, daily,  weekly, monthly and quarterly sessions;
  • Define the risk management framework, maintain risk register, risk treatment plans, regularly reporting to the risk and InfoSec committee;
  • Ensuring access controls are set to appropriate levels across the various departments liaising with function Heads;
  • Propose for approval and monitor the implementation of projects and processes aimed at detecting, identifying and analyzing IT security events / threats on BCR's IT infrastructure;
  • Coordinate the annual plan for conducting penetration tests, ensure the relationship with service providers and reconciliation of penetration reports;
  • Evaluate the security risks associated with the outsourced activities with the IT component from the perspective of internal regulations and applicable laws (NIS, NBR regulations, ASF regulations, etc.);
  • Protect data and information processed and stored in cloud by implement appropriate security solutions;
  • Keep track of the certifications / endorsements obtained by the banking institution resulting from the applicable legal and group provisions annually.


What will help you be successful


  • +4 years of experience in IT security (at least 2 years in financial-banking institutions);
  • Good knowledge regarding the management of the IT infrastructure within the medium and large level corporations;
  • Legislative knowledge specific to the field of information security;
  • Knowledge about the non-functional aspects of IT Architectures (Performance, resilience, availability, security, etc.);
  • Administration of networks at CCNA level;
  • Experience in security of services installed in the cloud: Azure, AWS, etc. or experience in security of mobile applications;
  • Knowledge of at least 2 of: Kubernetes, Java, Node.js, Golang, Python;
  • Knowledge of RESTful APIs, Single Sign On, LDAP, Search Technologies;
  • Knowledge of: Linux, Maven / Gradle, NPM, Jenkins / Circle CI;
  • Preferably knowledge about Spring Boot, Ansible, Shell, OpenShift, GIT Lab;
  • Understanding of service oriented architectures especially of REST API type;
  • Understanding the use of Java-based libraries and frameworks (Spring Boot) and Javascript, Angular, React, Knockout libraries.


Sounds like you'd be a good fit? Well, check out what we provide for our passionate people


  • The opportunity to develop yourself in one of the most important banking institutions from Central and Eastern Europe;
  • Flexible working schedule and work from home policy;
  • Accessible & modern head offices in Grozavesti Area (For the time being, due to Covid-19 situation, most of us work from home);
  • Private medical insurance;
  • Up to 27 vacation days depending on your years of experience;
  • Days off for unexpected events;
  • Free day on your birthday;
  • Banking and private pension benefits.

Apply now »