The people we all rely on to make the world go round – they rely on Thales. Thales rely on its employees to invent the future: right here, right now.
Present in Romania for over 40 years, Thales is expanding its presence in the country by growing its Digital capabilities and by developing a Group Engineering Competence Centre (ECC). Operating from Bucharest, Thales delivers solutions in a number of core businesses, from ground transportation, space and defence, to security and aeronautics.
Several professional opportunities have arisen. If you are looking for the solidity of a Global Group that is at the forefront of innovation, but with the agility of a human structure that tailors to the personal development of its employees and allows opportunities for evolution in an international environment, then this is the place for you!
Position Summary
The Country CISO is responsible for all aspects of information security and cyber security across all of IT including: support developing, deploying and maintaining a robust security strategy with solid security policies; protocols and procedures across enterprise security architecture, security operations center, datacenter security, and network security including cloud and applications security with appropriate security measures and initiatives.
This role also advises senior leaders and other stakeholders on the further development, implementation and management of a country-wide IT security infrastructure that contains appropriate control objectives for system integrity, availability, reliability, resilience, confidentiality and assurance to company, industry and international standards.
Essential Functions / Key Areas of Responsibility
• Ensure strategic alignment of the Country approach to IS/IT Security is compliant with legal and regulatory requirements, Thales Group standards and aligned with business objectives.
• Ensure confidentiality, integrity, and availability of information systems assets.
• Ensure security program & plans are in place and actions are implemented to manage the risk of adverse impacts from any external or internal attack on the Country IT/IS are reduced to an acceptable level.
• Ensure appropriate budget and resources are allocated to support the security program at Thales country level
• Be a member of the Group Information System Security Community – sets and approves IS security policy decisions and exceptions for Thales Group.
• Ensure security incidents are coordinated and managed with the Central Security body through Regional CISO
• Undertake governance responsibilities for Thales Group IS security policy in Country. Design, preparation and dissemination of policies and procedures, which achieve, and maintain, compliance to the various security rules under which Thales country operates.
• coordinate locally under the supervision of the Cert Incident Response Activities.
• Review and audit current implementation of Security Controls for the company.
• Gain acceptance of proposed security solutions by the various security accrediting bodies within Thales Group Regional CISO
• Respect Group IS/IT standards and strategy.
• Review strategies, operational changes and projects to ensure appropriate security controls are applied.
• Define clear policies, procedures, and performance criteria for Site Information Systems Security Officers (ISSO) and IT staff who are involved in daily operational support processes that may affect security risks or compliance obligations for the company.
• Define security related requirements during the Project Definition (“Design”) phase of projects so that security becomes a deliverable of IT projects where appropriate.
• Review proposed enterprise architecture strategies and designs to ensure that new risks are not introduced into company, and to suggest changes that may increase functionality and help reduce existing risks.
• Maintain an understanding of current and emerging security threats that may affect the company, now or in the future.
• Undertake forensic investigations and analysis as required on Thales computer assets in support of HR led investigations.
• Liaise with Legal in regards to export control requirements in systems and manage any e-discovery requirements that Thales are required to undertake.
• Undertake governance responsibilities for technology based Defence regulations and policies and report the Thales state of compliance to the Governmental Boards in charge.
• Engage and represent Thales in professional industry forums so that external opinion of Thales Security program remains highly regarded.
• Provide regular updates to the CIO and Regional CISO regarding achievements, issues and goals
Minimum Requirements: Skills, Experience & Education
• Bachelors (Masters preferred) Information Technology and/or Information Security (Degree or equivalent).
• 10+ years of leadership experience overseeing security initiatives in a large, preferably global enterprise.
• Obtained one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), Project Management Professional (PMP) or other related certifications.
• Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery.
• firewall deployment, NAC implementation, web proxy upgrade etc.
• Prior experience with information security framework, secure network architecture and design, cloud computing, and secure application architecture/design.
• Proven experience of leading a dispersed, multi-site team.
• Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks.
• Experienced in developing policies and procedures for identity and access management, security programs, security procedures, security standards, requirement definition, and project management plans.
• Adept in creating business cases and user cases including the ramification of various system, network and application security decisions and recommendations.
• Articulate with strong verbal and written communication skills including technical and non-technical audiences.
Preferred Qualifications
• Experienced in working within a centralized/decentralized matrix business environment.
• Knowledge of SEI’s CMMI model for secure software development.
• Broad experience of conducting risk assessments including presenting recommendations to c-suite
YOUR CAREER AT THALES:
Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas:
- Room and attention to personal development.
- Build your talents in another domain of Thales Group, discovering new products, new customers, new country or go to a more complex Solution.
- Choose between a technical expertise or a leadership path.
- Build an international career within a leading Engineering Group.
- Work for different Thales domains & entities.
YOUR IMMEDIATE BENEFITS
- 24 holiday days a year
- Benefit Online
- A good work-life balance which includes flexible working hours
- A comprehensive compensation and benefit package including medical coverage & life insurance
- Hybrid Workplace
- O'Reilly & Udemy Subscription
YOUR WORKING LOCATION IN ROMANIA (hybrid work)
Hosted in the new state-of-the-art Orhideea Towers, our Bucharest site is home to over 400 employees working across the various Thales businesses. A modern facility with views of the city, we are across the street from Grozavesti subway station and tram stop.
At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!