-
BCR

Chief Information Security Officer

BCR
Romania · Full-time · Director

About our team

BCR is the place where you learn, grow, and contribute to shaping the future of banking. We are recognized as a school of excellence in banking, a top employer in the banking sector, and a team open to learning, where every colleague feels noticed and valued.

We are an organization that values people and supports them in having a life that brings fulfillment, security, and balance.

BCR is seeking a highly experienced and strategic Chief Information Security Officer (CISO) to lead and drive our information security strategy, ensuring the confidentiality, integrity, and availability of our critical assets through robust security management practices. As CISO, you will champion a risk-based approach to security, overseeing all aspects of information security management, including but not limited to, risk assessment, policy development, access control, incident response, and security awareness training. You will serve as a key advisor to executive management and the Board of Directors on all matters related to cybersecurity, information risk, and effective security management strategies.


How you will contribute


  • Strategic Leadership in Security Management: Develop, implement, and maintain a comprehensive information security management strategy aligned with the bank's business objectives and regulatory requirements, emphasizing a proactive and risk-based approach.
  • Stakeholder Management & Communication: Serve as the primary point of contact for all information security matters, building strong relationships with business units, IT departments, and executive leadership. You will represent the key relationship for business and support units as a manager and risk advisor regarding Information Security and its effective management.
  • Risk Management & Mitigation: Lead the organization's information security risk management program. Identify, assess, and mitigate information security risks across the organization, ensuring alignment with the risk appetite. You will be responsible for reviewing and challenging security measures and behaviors at the 1st Line of Defense (1LoD) level, in conjunction with senior management 1LoD, business line directors, and infrastructure units.
  • Policy & Procedure Development: Develop and maintain comprehensive security policies, standards, and procedures that align with industry best practices and regulatory requirements. Ensure effective communication and implementation of these policies across the organization.
  • Compliance & Audit: Ensure compliance with all applicable laws, regulations, and industry standards related to information security, including GDPR, PSD2, DORA and relevant banking regulations. Manage security audits and assessments, addressing findings and implementing corrective actions.
  • Security Architecture & Design: Oversee the design and implementation of secure IT architectures and systems, ensuring that security controls are integrated throughout the development lifecycle and effectively managed over time.
  • Incident Response & Recovery: Develop and maintain a robust incident response plan to effectively detect, respond to, and recover from security breaches and other incidents. Coordinates Information Security projects. Assists the Bank's response during a crisis situation (Crisis Management);
  • Security Awareness & Training: Develop and implement a comprehensive security awareness training program to educate employees on information security best practices, promoting a culture of security awareness and responsible security management. Is responsible for increasing 1LoD awareness among employees. Develops and maintains the security framework and strategy. Develops and coordinates the training program related to the Security framework and strategy, tools, and processes;
  • Board Communication & Reporting: Effectively communicate information security risks, management strategies, and initiatives to the Board of Directors and senior management, providing clear and concise updates on the bank's security posture and the effectiveness of security management practices.
  • Regulatory Interface: Represent the interface in the relationship with regulatory authorities regarding information security matters and its comprehensive management.
  • Controls Validation & Monitoring: Responsible for performing controls for the 2LoD security level: validates and challenges the reported risk and controls self-assessment, validates risk mitigation and acceptance, control points, key risk indicators, breaches, and risk escalation. Monitors IT Function adherence to the Security framework and evaluates the effectiveness of controls and overall security management.
  • Access Control Management: Ensure appropriate access controls are in place and effectively managed to protect sensitive information and systems.
  • User Rights Management: Coordinates the management of the regulatory framework specific to the processes of creating and administering user rights for the managed IT applications. Coordinates the processes of creating and allocating user rights for the managed IT applications, in accordance with the processes and responsibilities allocated to each function, with the segregation of duties in the development of user rights; ensuring effective access control management.
  • Vulnerability Management: Oversee the identification, assessment, and remediation of security vulnerabilities across the IT environment.


What will help you be successful

  • Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
  • Minimum of 6 years of experience in information security management, with at least 2 years in the financial-banking sector.
  • Minimum of 4 years of experience in a management role, with demonstrated leadership and team-building skills.
  • Extensive knowledge of information security principles, practices, and technologies, including risk management, security architecture, cryptography, and network security.
  • In-depth understanding of relevant regulatory requirements, including GDPR, PSD2, DORA, NIS2 and banking regulations and their impact on security management.
  • Proven ability to develop and implement information security management strategies that align with business objectives.
  • Excellent communication, interpersonal, and presentation skills, with the ability to effectively communicate with stakeholders at all levels of the organization, including the Board of Directors.
  • Strong analytical and problem-solving skills, with the ability to identify and assess complex security risks and develop effective management strategies.
  • Relevant certifications such as CISM, CISSP, CGEIT, or CRISC are highly desirable.
  • Proficiency in English is mandatory.
  • Adaptability and response to change, control, activity coordination, delegation, team development and motivation, overview thinking, systemic thinking, strategic thinking, guidance (coaching), decision-making, working with ambiguity, working under pressure, prioritization, public speaking, adherence to principles and values, relationship building. All crucial for effective security management.
  • Knowledge of technologies like SIEM, intrusion detection and prevention systems, vulnerability scanning tools, and other security-related technologies used in security management.

Familiarity with server and database security best practices and their effective management.


Sounds like you'd be a good fit? Well, check out what we provide for our passionate people

  • Monthly budget for flexible benefits through the Benefit Online platform;
  • Performance-based bonus;
  • Banking facilities, benefits for private pension and discounts on insurance policies;
  • Gifts for special occasions;
  • Private medical services for you and your family;
  • Hybrid and flexible work schedule;
  • Up to 27 vacation days depending on your professional experience;
  • Extra 7 days off per year if you have used up your vacation days;
  • One day off for your birthday;
  • Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
  • Subscription to Bookster.



To find out how BCR processes the personal data required in the recruitment process, please visit https://www.bcr.ro/ro/cariere/informare-candidati

Key Skills

Ranked by relevance

incident response gdpr security audits cybersecurity server cissp cism siem
Login to Apply
Posted
Jun 20, 2025
Type
Full-time
Level
Director
Location
Bucharest
Company
BCR

Industries

IT Services IT Consulting

Categories

Consulting

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
OPEN
Related

PHP Developer with French

2026-07-02

Full-time
Mid-Senior
Romania
IT Services
Consulting
View Job Details
Midagon
Related

Cyber Security Consultant

2026-07-02

Full-time
Mid-Senior
Sweden
Computer
Information Technology
View Job Details
typ
Related

Security Consultant

2026-07-02

Full-time
Mid-Senior
Netherlands
Computer
Engineering