
Information Security Specialist

Date:  Jan 12, 2023

Bucuresti, RO

Company:  KMG Rompetrol

We are currently looking for a thoughtful, team-oriented, and enthusiastic Information Security Specialist for Bucharest, within KMG Rompetrol.


Your new role: Be comfortable engaging with stakeholders across the business at different levels, and be able to produce relevant documentation on correct policy, procedures and standards. The ideal candidate will have previously covered all aspects of Information Security within large enterprise environments, and be comfortable working in a role that will be a mixture of hands-on technical work and strategic input to allow the organization to develop best practice. 

Activities that will help you shine:
•    Assist in planning, management and execution of vulnerability and risk assessment projects.
•    Analyze new and upcoming security solutions to protect company and customer data.
•    Execution of Threat and Risk Assessments of enterprise IT systems and documenting recommendations on how to mitigate risks.
•    Performing internal security audits against Government and ISO/IEC 2700x standards. On occasion, audits may need to be performed at remote sites, including entities abroad.
•    Researching and tracking information about current security threats and potential vulnerabilities. Initiate the escalation procedure to counteract potential threats/vulnerabilities.
•    Assist in managing IT incidents and resulting Security investigations. Acting as initial contact for IT Security related incidents. Ensuring the reporting, investigation and escalation of incidents is completed where appropriate.
•    Assist the Group Security Lead in supporting the Procurement function for new acquisitions / purchases and help to manage the relationships with suppliers / partners to assure that levels of Security & Continuity capabilities are commensurate.
•    Participate in DLP related incident investigations, determining the cause of the security incident and preserving evidence for potential legal action.
•    Proactively identify vulnerabilities and weak security controls, conduct security audits and recommend improvements and corrective actions to the relevant teams.
•    Ongoing development of Security Event Logging retention process at Group level.
•    Assist in performing policy compliance reviews of enterprise IT systems and business application systems.
•    Collecting, monitoring and analyzing Group IT security metrics to measure the effectiveness of ISO's IT security management processes and producing relevant reports.
•    Documenting and updating elements of IT security governance (e.g. policies, procedures, standards).
•    Serve as a point of contact for information security inquiries and audits.
•    Ensuring that security issues identified during internal and other third-party security reviews are communicated to technical teams and that appropriate and up-to-date action plans exist to clear issues.
•    Performing Security awareness and training on both a group and individual basis.

The fuel needed to go further with us:
•    At least 5 years of experience in adjacent areas such as Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, IT Helpdesk support.
•    Good understanding of the commonly used concepts, practices, and procedures within Information Security with a bonus for ICS / SCADA security knowledge.
•    Good knowledge of local regulations related to information protection, IT and cyber security.
•    Good understanding of application security, secure programming, vulnerability analysis, penetration testing, encryption technologies, intrusion detection and incident response management practices.
•    Excellent understanding of concepts and practical enactment of Information Security Risk Management (control frameworks, control lifecycle, implementation and measurement).
•    Excellent understanding of GDPR and NIS Directive requirements.
•    Practical experience with deployment and/or operation of the following security solutions:
     •    Advanced Endpoint Security solutions.
     •    Web and Email Security Gateways.
     •    SIEM systems.
     •    Data Loss Prevention (DLP) systems.
     •    Secure Network Access and Identity Services solutions.
•    Strong experience in securing Directory Services such as AD, LDAP.
•    Proven previous experience in managing Firewalls, VPNs, IDS or other commercial network security solutions (Cisco, Palo Alto, Fortinet, etc.) and excellent understanding of network technologies.
•    Strong experience with network forensics and data preservation.
•    Experience with patching and software deployment technologies.
•    Previous experience in deployment, fine tuning and management of Windows server and/or Unix operating systems.
•    Experience in performing Information Technology technical audits, security vulnerability assessments, system configuration verifications and security related assignments.
•    Experienced in Application and Information Security Architecture.
•    Excellent understanding of ISO/IEC 2700x (PCI DSS, NIST, SAS70 and/or others would be a plus).
•    Experience working in mixed OS, Cloud, SaaS, Web, API and Mobile Application environments.
•    Experience with conducting Threat and Risk assessments and Vulnerability Assessments of IT systems.
•    Industry or vendor certifications from ISACA, ISC2, GIAC, EC-Council, Cisco, Palo Alto, Juniper, CompTIA, ITIL, Microsoft, Oracle, etc. are considered a plus (e.g. CISA, CISSP, CISM, ISO2700x, COBIT).
•    Passionate about Information Security, inquisitive, energetic and eager to learn.
•    Good communication, documentation and presentation, interpersonal and team-player skills.

You will be supplied with:
•    Supportive, professional teams
•    Creative environment
•    Private medical package
•    Life and health insurance
•    Meal tickets
•    Short work program on Fridays
•    Benefits package and discounts (sports, medical, banks, culture, fashion, tourism, restaurants, etc.)
•    10% fuel discount at our gas stations with Fill & Go card

What you need to do now:

If you are interested in this role, go to "apply now" to send an updated copy of your resume.
Fuel your career and start a new journey with us!

