Head of Cyber & Information Security Bucharest

Head of Cyber & Information Security
Bucureşti
Bucharest, Bucharest, Romania

What you'll do

The Head of Cyber & Information Security (Romania) is responsible to oversee all cyber security operations within the country and its associated operating companies, which also includes the company’s subsidiaries, acquisitions, and secondary brands.  

As a priority, the Head of Cyber Security must ensure that all Vodafone products and services launched undergo proper Secure by Design processes, by maintaining a proper Risk Management and Compliance across the company.  

Such responsibility also includes adequate oversight of supplier risk management, and leading the collaboration in the deployment of new security tools as requested in the global strategy, and in the response to cyber incidents affecting their local market 

Last but not least, as the Head of Cyber Security for Romania will serve as the primary contact for national cyber security government agencies, the person occupying such position may need to possess/obtain appropriate security clearance.

Strategic Leadership:

• Identify opportunities for the development of Vodafone's business by participating in the selection procedures organized for the award of contracts for the specific platforms and services necessary for the implementation of the government private cloud

• Develops cybersecurity systems and facilitates the increase of the resilience and cybersecurity of Vodafone's infrastructure services; 

• Uses the cybersecurity resources and skills necessary for the implementation of projects within the government private cloud in order to expand the capabilities in the field and develop specific projects in the field of cybersecurity;

• Develop and execute a comprehensive cybersecurity strategy aligned with the company's business objectives.  

• Provide visionary leadership on
- related matters, staying abreast of industry trends and emerging threats.  

• Influence strategic decisions regarding the cyber security baseline and engages with local authorities to support the achievement of the technology strategy, operating model, and plan.

• Provide comprehensive interpretations/understandings of his professional field to the interested business stakeholders.

• Support the negotiations at the level of Vodafone in accordance with its seniority level, representing the centre of excellence on cyber security engineering that
- creates, promotes and enables a code of best practice at the level of
- defence in Vodafone Romania.

Risk Management:

• Assess and prioritize security risks, ensuring that potential vulnerabilities are identified and addressed promptly.  

• Strong background in cyber security operations, risks and controls identification and assessment

• Collaborate with
- functional teams to implement risk mitigation strategies and contingency plans.  

Security Architecture:

• Design and implement robust security architectures for payment systems, ensuring the confidentiality, integrity, and availability of sensitive information.  

• Evaluate and recommend security technologies, tools, and processes to enhance the organization's security posture.  

• Utilize sophisticated analytical thinking to guide and support the technical operations of cyber security platforms throughout their entire lifecycles.

• Proactively detect, identify and respond to security risks and vulnerabilities by implementing an effective response plan and maintaining a consistent approach throughout the security platform lifecycle.

• Deliver
- security improvements and projects in the market, ensuring the effectiveness of control processes and develop future security capability plans with key partners/vendors.

Incident Response and Forensics:

• Develop and maintain incident response plans to address security incidents promptly and efficiently.  

• Conduct forensic investigations in the event of a security breach, ensuring thorough analysis and documentation.  

• Notify cybersecurity incidents and/or create cybersecurity incident response teams

Compliance and Standards:

• Ensure compliance with industry regulations, standards, and best practices related to payment security.  

• Collaborate with internal and external auditors to conduct security assessments and address findings.  

• Obtain and continuously maintain operational excellence on the local market, achieving and maintaining ISO27001 standard for the local operations and data centres, where deemed appropriate.

Team Management:

• Lead and mentor a
- performing team of security professionals in a global organization.  

• Foster a culture of security awareness and education across the organization. Prove constant focus both on
- professional development and in the evolution of his/her team, by cultivating people’s strengths and supporting their growth, in line with their individual potential and with the strategy of the company.

Who you are

• 8+ years in an Information Security role.  

• Proven track record in leading Information Security teams and comfortable with senior stakeholder engagement.  

• Hands-on experience in Information Security roles in financially regulated organizations.

• Strong understanding of security architecture, network security, cryptography, and access control.  

• Excellent leadership and communication skills, with the ability to articulate complex security concepts to
- technical stakeholders. Strong communication and leadership skills are also necessary with a view to lead, inspire and motivate the teams to achieve the desired outcome, acting as a role model to support the organizational/ cultural changes.  

• Demonstrated experience in incident response, threat intelligence, and security operations.  

• Proficiency in assessing security controls for systems and processes using a range of testing and assurance techniques (inquiry, process review, technical testing, data analysis, compliance review). Can provide recommendations to remediate gaps found and provide input into the risk management process.

• Strong management skills, proving the ability to quickly and efficiently identify opportunities, tackle serious challenges, by grasping the root causes leading thereto, in order to make informed decisions to deliver business requirements.

• Capability to assess, lead, learn from and adjust to changes and evolving demands, in various scenarios.

• Bachelor's or advanced degree in Cybersecurity, Information Technology, or a related field.  

• Capability to comprehend telecommunications infrastructure and technology to apply security control requirements, ensuring proper design, implementation, and operation.

• Proficiency in developing and implementing a standardized risk management approach across the organization, providing guidance on risk management policies and operational guidelines. Ability to lead and oversee risk identification, assessment, response, and reporting processes.

• Ability to oversee all aspects related to Information and Cyber Security, including budgeting, planning, implementation, testing and reporting, while recommending the necessary remediation measures to ensure system, service and information integrity and continuity. Applies
-
- design principle in the development, construction and testing of solutions, products and services, for both Vodafone use and external customers.

• Positive and proactive attitude, demonstrating the ability to find solutions and adapt to various situations with eagerness, tenaciousness and determination.

• Capability to apply the knowledge of the external environment, including customers, partners, competitors and external bodies, to rapidly identify and capitalize on growth opportunities.

• Ability to implement and lead the execution of a strategic plan to achieve organizational goals, establishing daily structures, systems, and operational objectives that position the teams for success.

• Experience in international organizations is a plus.

Technical/professional certifications:

- Mandatory to hold the COBIT - Control Objectives for Information and related Technology certification, and, additionally,   at least three Certifications of the following:

- CISA (Certified Information Systems Auditor);

- CISSP (Certified Information Systems Security Professional);

- CISM (Certified Information Security Manager);

- CRISC (Certified in Risk and Information Systems Control);

- CDPSE (Certified Data Privacy);

- CCISO (Chief Information Security Officer Certification)

- GIAC (Security Leadership, GSLC);

- CEH Certified Ethical Hacker;