Data & Information Security Manager Firm Wide
BearingPoint has been recognized as the #1 employer in Consulting and is one of the TOP employers in Romania by undelucram.ro*.
*Source: “Top 100 Cei Mai Buni Angajatori 2022-2023” - Undelucram.ro.
YOU can become part of it - discover us and come aboard a company that does more than business!
Location: Bucharest, Sibiu, Cluj, Brasov, Timisoara and Iasi.
About the role
You will join the Global Compliance team as a Data & Information Security Manager, reporting initially directly to the Chief Compliance Officer / Global Data Protection Officer. Depending on your skills and interests, you will be responsible for information security projects and processes, including maintaining and documenting the ISMS. You will collaborate with other departments on various topics related to Information Security and Data Protection, especially with the firm-wide IT Security Team.
Your objective will be to maintain and enhance our data & information security processes in coordination with the Data Protection and the Security team, and to ensure compliance with relevant laws and standards (including ISO27001, TISAX, GDPR (TOMs)).
Within the structure of a global partnership, you will be responsible for the first response to security-related questions from our clients and provide content for relevant external and internal audits and certifications.
What we expect from you
Maintaining the information security processes (ISMS) and related document management, excluding incident management and reporting;
Maintaining and periodically reviewing policies and processes for information security and GDPR-TOMs to improve their effectiveness;
Collaborate with other teams to perform a security risk assessment before approving new IT technologies;
Conduct risk assessments including office security checks and support the new IT assets, Technology Partners, and the supplier assessment process;
Support teams and projects and propose practical and pragmatic solutions;
Communication with BearingPoint clients on security-related subjects, including requests for proposals and audit requests;
Be one of the key points of contact for the ISMS/TISAX or other related internal and external audits;
Take action to address the non-compliance with Policies in the organization based on the lessons learned and ensure that the corrections are made and reported back to the auditors as needed;
Establish and manage risk-prevention, detection, correction, and remediation plans;
Create and maintain client documentation on security and compliance topics.
Your skills and preferred qualification
An advanced degree in computer science, information security, natural sciences, and technology or a related discipline, or equivalent work experience;
5-7+ years of professional experience in Data Protection, Information Security, or Cyber Risk;
Experience in the information security and/or data protection domain, including the development and implementation of practical security and/or data protection governance, policies, processes, and standards;
Proficient in English for speaking, reading, and writing. Other languages, such as German, are a plus;
Skilled in conducting risk assessments and formulating effective risk mitigation strategies;
Familiarity with industry standards and frameworks such as ISO/IEC 17799, ISO/IEC 27001, COBIT, ITIL, etc.;
Experience in related domains (e.g. Business Continuity, Disaster Recovery, IT Security, Risk Management, Audit Management) is a plus;
Excellent analytical and conceptual thinking, ability to understand, structure, and prepare/explain complex topics on the appropriate level, depending on context and recipient;
Highly motivated to learn about new topics, technologies, concepts, and business cases;
CISSP/CISM/CISA certification preferred;
Excellent interpersonal skills to work with technical and non-technical colleagues around the world;
Goal-orientated to maintain focus on agreed objectives and deliverables;
Problem-solving skills to identify creative and elegant solutions;
A serious understanding of the fundamentals of IT-/Cybersecurity;
Strong organizational, planning, and documentation skills;
Ability to interpret internal/external business challenges and regulatory requirements to develop and recommend best practices to improve processes or services;
Ability to work on multiple priorities in parallel with a proven record of innovation and successful change management;
Willing to understand new areas and follow IT development.
What we offer
Attractive compensation package;
Fixed salary compensation along with Yearly Evaluation and performance-related bonus scheme;
Meal Tickets, Easter, and Christmas Gift Vouchers;
Seniority Bonus and Referral Bonus.
Health and Well-being:
WorldClass Gym Discounts and 7Card Partnership;
Private Medical Subscription for employees and family (children, spouse/ life partner);
Life and Accident Insurance.
Personal and professional development:
German/ French Language Courses at any level;
Complete training & certification curricula available (tailored courses);
E-Learning System available for all employees;
Firm-wide and Regional level training.
BearingPoint is an independent management and technology consultancy with European roots and a global reach. We operate in three business units: Consulting, Products, and Capital. Consulting covers the advisory business with a clear focus on selected business areas. Products provides IP-driven digital assets and managed services for business-critical processes. Capital delivers M&A and transaction services.
BearingPoint’s clients include many of the world’s leading companies and organizations. The firm has a global consulting network with more than 10,000 people and supports clients in over 70 countries, engaging with them to achieve measurable and sustainable success.
We have been present in Romania since 2007, with more than 900 employees in our offices in Bucharest, Sibiu, Timișoara, Iași, Cluj-Napoca, and Brașov.
We are guided by our purpose – Together, we are more than business.
It revolves around three key areas of focus – More innovation, more for our planet, and more for our people. Our people's promises – Purpose in Practice, Deeper Connections, New Flexibility, Personal and Professional Growth, and Holistic Wellbeing and Rewards – bring together our values, aspirations, and responsibilities towards our people. They help our people achieve and accomplish more than they can imagine possible.
We can’t do this alone. We can do this together. Join us.