About our team

We are the ones reinventing banking every day through digitization solutions, financial education, and sustainable financing. Annually, 1 in 5 Romanians buys a home using BCR's services and products, and 1 in 6 Romanians accesses personal loans for personal needs.

We are recognized as the best employer in banking according to "undelucram.ro" platform in 2023, and we hold the Guinness World Record for “The Largest Financial Literacy Lesson”.

Role Overview:

We are looking for a talented colleague to join our team of Information Security (Security Governance & Change Oversight Team) and take a role in the Security GRC Team. In this role you will be part of a team responsible for assurance, design and implementation of cyber security projects.

How you will contribute

• Proactively identify security issues and potential threats, ensuring awareness of the latest threats, and continuously building processes and design systems to watch for and protect against them;
• Educate the business and IT colleagues about security threats and implement threat protection measures at project and Bank level;
• Define and propose policies, procedures and internal / local regulations specific to IT security regarding the realization / administration / use of processes and IT resources that ensure information security in accordance with Group policies and with the legislation in force;
• Define and supervise the implementation of technological security requirements for the IT infrastructure;
• Evaluate the security risks and test the changes within the IT infrastructure or systems proposed through the Change Management process or results from operational software maintenance and updating activities;
• Challenge the assessment of risks associated with new products, business initiatives and material project change and ensure adequate 1st line deployment of appropriate controls to mitigate risks;
• Guide and drive security initiatives through scheduled, daily, weekly, monthly and quarterly sessions;
• Define the risk management framework, maintain risk register, risk treatment plans, regularly reporting to the risk and InfoSec committee;
• Propose for approval and monitor the implementation of projects and processes aimed at detecting, identifying and analyzing IT security events / threats on BCR's IT infrastructure;
• Evaluate the security risks associated with the outsourced activities with the IT component from the perspective of internal regulations and applicable laws (NIS, NBR regulations, ASF regulations, etc.);
• Coordinate annual external audits having a security components and required by law;
• Protect data and information processed and stored in cloud by implement appropriate security solutions;
• Keep track of the certifications / endorsements obtained by the banking institution resulting from the applicable legal and group provisions annually.

What will help you be successful

• +4 years of experience in IT or IT security (at least 2 years in financial-banking institutions would be appreciated);
• Good knowledge regarding the management of the IT infrastructure within the medium and large level corporations;
• Legislative knowledge specific to the field of information security;
• Knowledge about the non-functional aspects of IT Architectures (Performance, resilience, availability, security, etc.);
• Experience in security risk assessments, security audits and security governance;
• Experience in security of services installed in the cloud: Google, Azure, AWS, etc. or experience in security of mobile applications;
• Administration of networks at CCNA level;
• Certifications such as CISSP, CISM, CRISC or similar would be appreciated.

Sounds like you'd be a good fit? Check out what we provide for our people

• Monthly budget for flexible benefits through the Benefit Online platform;
• Performance-based bonus;
• Banking facilities, benefits for private pension and discounts on insurance policies;
• Gifts for special occasions;
• Private medical services for you and your family;
• Hybrid and flexible work schedule;
• Up to 27 vacation days depending on your professional experience;
• Extra 7 days off per year if you have used up your vacation days;
• One day off for your birthday;
• Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
• Subscription to Bookster.