About our team
BCR is the place where you learn, grow, and contribute to shaping the future of banking. We are recognized as a school of excellence in banking, a top employer in the banking sector, and a team open to learning, where every colleague feels noticed and valued.
We are an organization that values people and supports them in having a life that brings fulfillment, security, and balance.
BCR is seeking a highly experienced and strategic Chief Information Security Officer (CISO) to lead and drive our information security strategy, ensuring the confidentiality, integrity, and availability of our critical assets through robust security management practices. As CISO, you will champion a risk-based approach to security, overseeing all aspects of information security management, including but not limited to, risk assessment, policy development, access control, incident response, and security awareness training. You will serve as a key advisor to executive management and the Board of Directors on all matters related to cybersecurity, information risk, and effective security management strategies.
How you will contribute
- Strategic Leadership in Security Management: Develop, implement, and maintain a comprehensive information security management strategy aligned with the bank's business objectives and regulatory requirements, emphasizing a proactive and risk-based approach.
- Stakeholder Management & Communication: Serve as the primary point of contact for all information security matters, building strong relationships with business units, IT departments, and executive leadership. You will represent the key relationship for business and support units as a manager and risk advisor regarding Information Security and its effective management.
- Risk Management & Mitigation: Lead the organization's information security risk management program. Identify, assess, and mitigate information security risks across the organization, ensuring alignment with the risk appetite. You will be responsible for reviewing and challenging security measures and behaviors at the 1st Line of Defense (1LoD) level, in conjunction with senior management 1LoD, business line directors, and infrastructure units.
- Policy & Procedure Development: Develop and maintain comprehensive security policies, standards, and procedures that align with industry best practices and regulatory requirements. Ensure effective communication and implementation of these policies across the organization.
- Compliance & Audit: Ensure compliance with all applicable laws, regulations, and industry standards related to information security, including GDPR, PSD2, DORA and relevant banking regulations. Manage security audits and assessments, addressing findings and implementing corrective actions.
- Security Architecture & Design: Oversee the design and implementation of secure IT architectures and systems, ensuring that security controls are integrated throughout the development lifecycle and effectively managed over time.
- Incident Response & Recovery: Develop and maintain a robust incident response plan to effectively detect, respond to, and recover from security breaches and other incidents. Coordinates Information Security projects. Assists the Bank's response during a crisis situation (Crisis Management);
- Security Awareness & Training: Develop and implement a comprehensive security awareness training program to educate employees on information security best practices, promoting a culture of security awareness and responsible security management. Is responsible for increasing 1LoD awareness among employees. Develops and maintains the security framework and strategy. Develops and coordinates the training program related to the Security framework and strategy, tools, and processes;
- Board Communication & Reporting: Effectively communicate information security risks, management strategies, and initiatives to the Board of Directors and senior management, providing clear and concise updates on the bank's security posture and the effectiveness of security management practices.
- Regulatory Interface: Represent the interface in the relationship with regulatory authorities regarding information security matters and its comprehensive management.
- Controls Validation & Monitoring: Responsible for performing controls for the 2LoD security level: validates and challenges the reported risk and controls self-assessment, validates risk mitigation and acceptance, control points, key risk indicators, breaches, and risk escalation. Monitors IT Function adherence to the Security framework and evaluates the effectiveness of controls and overall security management.
- Access Control Management: Ensure appropriate access controls are in place and effectively managed to protect sensitive information and systems.
- User Rights Management: Coordinates the management of the regulatory framework specific to the processes of creating and administering user rights for the managed IT applications. Coordinates the processes of creating and allocating user rights for the managed IT applications, in accordance with the processes and responsibilities allocated to each function, with the segregation of duties in the development of user rights; ensuring effective access control management.
- Vulnerability Management: Oversee the identification, assessment, and remediation of security vulnerabilities across the IT environment.
What will help you be successful
- Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
- Minimum of 6 years of experience in information security management, with at least 2 years in the financial-banking sector.
- Minimum of 4 years of experience in a management role, with demonstrated leadership and team-building skills.
- Extensive knowledge of information security principles, practices, and technologies, including risk management, security architecture, cryptography, and network security.
- In-depth understanding of relevant regulatory requirements, including GDPR, PSD2, DORA, NIS2 and banking regulations and their impact on security management.
- Proven ability to develop and implement information security management strategies that align with business objectives.
- Excellent communication, interpersonal, and presentation skills, with the ability to effectively communicate with stakeholders at all levels of the organization, including the Board of Directors.
- Strong analytical and problem-solving skills, with the ability to identify and assess complex security risks and develop effective management strategies.
- Relevant certifications such as CISM, CISSP, CGEIT, or CRISC are highly desirable.
- Proficiency in English is mandatory.
- Adaptability and response to change, control, activity coordination, delegation, team development and motivation, overview thinking, systemic thinking, strategic thinking, guidance (coaching), decision-making, working with ambiguity, working under pressure, prioritization, public speaking, adherence to principles and values, relationship building. All crucial for effective security management.
- Knowledge of technologies like SIEM, intrusion detection and prevention systems, vulnerability scanning tools, and other security-related technologies used in security management.
Familiarity with server and database security best practices and their effective management.
Sounds like you'd be a good fit? Well, check out what we provide for our passionate people
- Monthly budget for flexible benefits through the Benefit Online platform;
- Performance-based bonus;
- Banking facilities, benefits for private pension and discounts on insurance policies;
- Gifts for special occasions;
- Private medical services for you and your family;
- Hybrid and flexible work schedule;
- Up to 27 vacation days depending on your professional experience;
- Extra 7 days off per year if you have used up your vacation days;
- One day off for your birthday;
- Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
- Subscription to Bookster.
To find out how BCR processes the personal data required in the recruitment process, please visit https://www.bcr.ro/ro/cariere/informare-candidati
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
PHP Developer with French
2026-07-02
Cyber Security Consultant
2026-07-02
Security Consultant
2026-07-02
- Posted
- Jun 20, 2025
- Type
- Full-time
- Level
- Director
- Location
- Bucharest
- Company
- BCR
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
PHP Developer with French
2026-07-02
Cyber Security Consultant
2026-07-02
Security Consultant
2026-07-02