-
MagnaPharm Marketing & Sales Romania

Security Analyst

MagnaPharm Marketing & Sales Romania
Romania · Full-time · Mid-Senior

Location: Bucharest, Romania

Reports to: CIO, Magnapharm (solid line)

Dotted line: Group IT Security Manager / Group Security Lead, Dr. Max

Function: Group IT – Security


About the role:

You will be the hands-on security person for Magnapharm. Day-to-day you will monitor and respond to security events, drive NIS2 compliance across our entities, and help local IT teams keep things secure. As Magnapharm adopts AI tooling, you will also take ownership of AI license management and the security side of building and running internal AI agents — making sure we use these tools safely and in line with group policy.

The role reports to the Magnapharm CIO and works with a dotted line to the Group Security Lead at Dr. Max, aligning local delivery with group security strategy, standards and tooling.


Responsibilities:

Security operations & incident response

•    Monitor security alerts, investigate incidents and coordinate response across Magnapharm entities.

•    Run vulnerability management and track remediation with local and group IT teams.

•    Maintain working knowledge of identity, cloud security (M365 / Azure).

NIS2 & compliance

•    Own NIS2 implementation for Magnapharm: documentation, implementation, evidence collection and incident reporting.

•    Support audits, risk assessments and third-party / supplier security reviews.

•    Oversee security awareness training and phishing simulations.

AI license management & AI agents (security side)

•    Manage AI tool licensing for Magnapharm — track usage, license allocation, access controls, and ensure approved tooling usage only.

•    Define and enforce security and data-handling for AI use (data classification, access, logging, acceptable use).

•    Support the build and rollout of internal AI agents—design, permissions, integrations, security and data flows before go-live.

•    Work with the Group Security team to keep AI usage aligned with group policy and NIS2 obligations.

Microsoft platform security

•    Own the end-to-end security posture of every Microsoft service in use at Magnapharm — Microsoft 365, Entra ID, Azure and the wider Microsoft cloud estate. Act as the accountable owner for security configuration, hardening and continuous improvement across these platforms, rather than only maintaining awareness of them.

•    Endpoint & Intune: define and maintain device compliance policies, configuration profiles, app protection (MAM) and attack-surface-reduction rules; tie Conditional Access to device compliance; oversee Defender for Endpoint onboarding, BitLocker enforcement and patch/baseline compliance across all managed devices.

•    Exchange Online: own email security through Exchange Online Protection and Defender for Office 365 (anti-phishing, anti-malware, Safe Links / Safe Attachments), manage mail-flow and transport rules, and maintain email authentication (SPF, DKIM, DMARC) to defend against spoofing and business email compromise.

•    SharePoint Online, OneDrive & Teams: govern external sharing, manage sensitivity labels and DLP policies, and remediate oversharing — increasingly critical as Microsoft 365 Copilot and internal AI agents surface content based on existing permissions.

•    Identity & access (Entra ID): drive Conditional Access, MFA, Privileged Identity Management (PIM), access reviews and app-registration / consent governance to enforce least privilege across the tenant.

•    Data protection & monitoring: leverage Microsoft Purview (DLP, data classification, information protection, insider risk, audit) and Microsoft Defender XDR / Sentinel to detect, investigate and reduce risk across the Microsoft stack.

•    Infrastructure security improvements: proactively assess and harden the Azure and on-premises infrastructure (private endpoints, Key Vault, RBAC, Active Directory) and come forward with concrete improvement proposals — not just findings. Track Microsoft Secure Score / Defender for Cloud Secure Score and drive measurable improvement over time.

•    Apply and maintain Microsoft and CIS security baselines and continuously evaluate and roll out new Microsoft security capabilities as they become available.

Partnering

•    Be the SPOC for local IT and business teams on security support.

•    Work closely with the Dr. Max group security team on standards, tooling and reporting.

•    Ensure full alignment with Dr.Max Group Security Lead directions

•    SPOC for Nis2 communications with local authorities at group level.


What we are looking for:

•    3 – 4 years of hands-on experience in cybersecurity (SOC, security operations, GRC, or similar) – a strong plus, but not a hard requirement if you can demonstrate the right skills

•    Working knowledge of identity, endpoint, network and cloud security (M365 / Azure).

•    Real incident response experience — not just theory.

•    Familiarity with ISO 27001, NIST CSF or similar frameworks.

•    Awareness of NIS2 or comparable regulations.

•    Understanding of AI / SaaS security and governance concepts, and an interest in how AI tools are secured and managed.

•    Strong written English and Romanian.


About MagnaPharm

With 30 years in the pharmaceutical industry, MagnaPharm provides integrated marketing, medical and pharmacy promotion, distribution, regulatory and market access services for a portfolio of leading pharmaceutical partners. Our group of 600+ people across multiple markets works every day to ensure patients and consumers benefit from high-quality medical solutions.

MagnaPharm — One Team. One Solution.

Key Skills

Ranked by relevance

ai cloud cloud security microsoft defender incident response microsoft purview active directory cybersecurity group policy ai tools vault nist saas cis
Login to Apply
Posted
Jul 03, 2026
Type
Full-time
Level
Mid-Senior
Location
Bucharest

Industries

Pharmaceutical Manufacturing

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
malomatia
Related

Engineer - Cloud Security Architect

2026-07-02

Full-time
Not Applicable
Qatar
IT Services
Information Technology
View Job Details
Croda
Related

Cyber Security Specialist

2026-07-05

Full-time
Not Applicable
United Kingdom
Chemical Manufacturing
Engineering
View Job Details
AstraZeneca
Related

Software Developer / Data Engineer

2026-07-04

Full-time
Not Applicable
Poland
Pharmaceutical Manufacturing
Engineering