About our team
BCR is the place where you learn, grow, and contribute to shaping the future of banking. We are recognized as a school of excellence in banking, a top employer in the banking sector, and a team open to learning, where every colleague feels noticed and valued.
We are an organization that values people and supports them in having a life that brings fulfillment, security, and balance.
Your Role
As a ICT & Security Risk Manager, you’ll drive the execution of the ICT risk management framework, provide constructive challenge to Technology & Security teams, and ensure risks are monitored and reported effectively to support secure, resilient operations.
How you will contribute
- Maintain and enhance the ICT & Security Risk Policy, procedures, and assessment methodology, ensuring alignment with DORA and internal governance standards;
- Execute and coordinate enterprise-wide ICT risk assessments and targeted thematic reviews;
- Assess security findings and control weaknesses, validate risk severity, and ensure structured, risk-based remediation tracking;
- Provide effective 2nd line challenge to 1st line risk assessments, delivering pragmatic and actionable recommendations;
- Own and improve the ICT/Cyber risk register, ensuring accuracy, completeness, and audit readiness;
- Monitor risk treatment plans and mitigation effectiveness, escalating overdue or high-impact risks where necessary;
- Support NFR/Risk Acceptance governance, ensuring risk acceptances are properly justified, time-bound, and approved according to delegation rules;
- Build and maintain a meaningful KRI framework and deliver clear management-ready dashboards;
- Analyze trends across incidents, downtime, vulnerabilities, audit findings for forward-looking risk insights;
- Contribute to severe-but-plausible scenario analysis and resilience assessments, providing quantified impact assumptions and identifying control weaknesses;
- Lead the ICT change risk component by assessing high-risk changes, monitoring change-related KRIs, and challenging CAB/ECAB processes, post-implementation reviews, and rollback readiness – in collaboration with Technology, Security, Internal Audit, and Compliance.
What will help you be successful
- 4+ years of experience in ICT/cyber risk, tech audit/controls, security governance, or operational risk with strong IT exposure;
- Hands-on experience performing risk assessments, control evaluation, and preparing management-level risk reporting;
- Good understanding of regulatory expectations and industry best practices (DORA, NIST CSF, ISO 27001/27002, COBIT, ITIL);
- Strong analytical mindset and the ability to translate technical vulnerabilities into clear business risk implications;
- Confidence to act as a constructive challenger when working with senior technical stakeholders;
- High standards for documentation and evidence-based writing, delivering audit-ready outputs;
- Comfortable working with KRIs, thresholds, and trend analysis;
- Integrity, independence, and sound professional judgment in risk-based decision making;
- Certifications such as CISM, CISSP, CRISC, CISA, ISO 27001 LA/LI, ITIL, COBIT are an advantage;
- Exposure to third-party ICT risk, cloud risk governance, scenario analysis or operational resilience exercises is considered a plus.
Sounds like you'd be a good fit? Well, check out what we provide for our passionate people
- Monthly budget for flexible benefits through the Benefit Online platform;
- Performance-based bonus;
- Banking facilities, benefits for private pension and discounts on insurance policies;
- Gifts for special occasions;
- Private medical services for you and your family;
- Hybrid and flexible work schedule;
- Up to 27 vacation days depending on your professional experience;
- Extra 7 days off per year if you have used up your vacation days;
- One day off for your birthday;
- Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
- Subscription to Bookster.
To find out how BCR processes the personal data required in the recruitment process access https://www.bcr.ro/ro/cariere/informare-candidati
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Head of Cyber Security Engineering
2026-07-07
Senior DevOps Engineer (f/m/x)
2026-07-02
DevSecOps Engineer
2026-07-01
- Posted
- Apr 16, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Bucharest
- Company
- BCR
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Head of Cyber Security Engineering
2026-07-07
Senior DevOps Engineer (f/m/x)
2026-07-02
DevSecOps Engineer
2026-07-01