IT Security and Governance Officer
Adaugat: Azi
HeyBlu
IT Security and Governance Officer
Adaugat: Azi
HeyBlu
Acest anunt este cu aplicare externa. Cand dati click pe Aplicare Externa veti fi redirectionat pe un alt site pentru a aplica.
HeyBlu is a Romanian e-money licensed fintech company that aims to provide financial services to customers and merchants operating in the e-commerce space. Our vision is to increase the financial power of e-commerce buyers & sellers, making a positive impact in their everyday lives. We do this by extending the purchasing power of retail shoppers in easy and convenient ways, while also helping e-commerce merchants with the capital needed to grow their business.
Being part of eMAG group, the largest e-commerce player in Romania, HeyBlu is focusing on building a financial offering for customers and merchants operating within the eMAG ecosystem by implementing an “embedded finance” approach. As part of the global Prosus group, we share the same purpose: “Improving everyday life for billions of people through technology”. In the HeyBlu team we are building an entrepreneurial, results-driven, agile, and collaborative culture based on the core values we share across the group: ownership, accountability, innovation, adaptability and customer focus.
As an IT Security and Governance Officer, your role is essential to ensure the implementation, monitoring, and continuous improvement of IT security measures and governance practices with regulatory and industry standards. In this role, you will act as a key figure in safeguarding the organization’s information systems, managing IT risks, and ensuring supplier compliance with regulations such as DORA, ISO 27001, and SOC 2.
What you’ll have to do:
- Define, monitor and periodically review security controls, ensuring sensitive payment and customer data are protected in accordance with internal policies, regulatory requirements and industry best practices.
- Develop, implement, and maintain a robust IT security framework aligned with regulatory and industry standards (ISO 27001, PCI DSS, NIST CSF).
- Establish security baselines for both on-premise and cloud-based environments.
- Conduct periodic IT risk assessments to identify vulnerabilities, assess potential impacts, and develop mitigation strategies.
- Manage a risk register, ensuring that identified risks are continuously monitored and addressed.
- Develop and maintain an incident response plan, ensuring a structured approach for detecting, containing, and recovering from security breaches.
- Lead investigations into security incidents and provide detailed reports with corrective action plans.
- Ensure compliance with data protection regulations (GDPR, PSD2) with a particular focus on Strong Customer Authentication (SCA) requirements.
- Create and maintain IT governance policies, including access control, change management, data retention, and business continuity.
- Align IT governance with frameworks such as COBIT and ITIL to ensure efficient operations.
- Coordinate internal and external IT audits, ensuring all compliance requirements are met.
- Monitor and report on key performance indicators (KPIs) for IT governance and security.
- Coordinate supplier security assessments and third-party risk reviews in line with DORA and internal governance requirements.
- Track remediation actions resulting from audits, risk assessments and security reviews, ensuring timely closure and appropriate risk treatment.
- Prepare periodic reports and dashboards for management, Risk Committee and regulatory stakeholders regarding IT risks, security posture and governance activities.
How we’d like you to be:
- With a Bachelor's degree in Computer Science, Information Security, Information Systems, Engineering or a related field.
- With a minimum of 3-5 years of experience in IT Security, IT Governance, Risk Management, Audit or Compliance-related roles.
- With experience working in regulated environments (financial services, banking, fintech or payment institutions) - considered an advantage.
- With experience in third-party risk management, supplier assessments and DORA requirements - considered an advantage.
- With professional certifications such as ISO 27001 Lead Auditor/Implementer, CISM, CISSP, CRISC or COBIT Foundation - considered a plus.
- With a strong technical background and understanding of IT infrastructure, cloud technologies and cybersecurity principles, which enable effective oversight of security, risk and governance activities.
- With proven experience in conducting IT assessments, including vendor audits.
- With a deep understanding of IT governance frameworks such as COBIT and compliance processes.
- With strong project management skills and the ability to manage multiple priorities effectively.
- With an analytical mindset, with a focus on identifying risks and proposing mitigation strategies.
We are committed to providing on the job training and learning opportunities for the selected candidate to become proficient in Mambu and related technologies. If you have a passion for technology and a drive to excel in a dynamic environment, we encourage you to apply.
Curious to find out more about the next step in your career? Apply now and if your experience is relevant for the role you wish, we will give you a call for more details!
Show more
Show less
Sfaturi de siguranta
- Nu trimiteti niciodata BANI in avans sau acte de identitate pentru aplicarea la un loc de munca. Nu trimiteti bani in avans pentru promisiuni de angajare sau alte oferte similare.
- Daca aveti impresia ca acest anunt nu este real, va rugam sa il raportati apasand butonul "Raporteaza Job"
This action will pause all job alerts. Are you sure?
Locuri de munca similare
Fii informat
Aboneaza-te la newsletter-ul nostru si primeste cele mai recente oferte de munca si informatii despre cariera direct in inbox-ul tau.
Securitatea datelor dumneavoastra este importanta pentru noi. Citeste Politica de confidentialitate.