Chief Information Security Officer
Bucharest, Romania | Thales
Functions: IT / Information Technology
Job Description:
The CISO is responsible for all aspects of information security and cyber security across all of IT, including developing and maintaining a robust security strategy with solid security policies, protocols and procedures across enterprise security architecture, security operations center, datacenter security, and network security, including cloud and applications security, with appropriate security measures and initiatives. This role also advises senior leaders and other stakeholders on the further development, implementation and management of a country-wide IT security infrastructure that contains appropriate control objectives for system integrity, availability, reliability, resilience, confidentiality and assurance to company, industry and international standards.
Key Areas of Responsibility:
Ensure strategic alignment of the Country approach to IS/IT Security is compliant with legal and regulatory requirements, Thales Group standards and aligned with business objectives.
Ensure confidentiality, integrity, and availability of information systems assets.
Ensure security program and plans are in place and actions are implemented so that the risk of adverse impacts from any external or internal attack on the country IT/IS is reduced to an acceptable level.
Ensure appropriate budget and resources are allocated to support the security program at Thales country level.
Be a member of the Group Information System Security Community – sets and approves IS security policy decisions and exceptions for Thales Group.
Ensure security incidents are coordinated and managed with the Central Security body through DGSI CISO.
Undertake governance responsibilities for Thales Group IS security policy in Country. Design, preparation and dissemination of policies and procedures, which achieve, and maintain, compliance to the various security rules under which Thales country operates.
Coordinate Incident Response Activities locally under the supervision of the CERT.
Review and audit current implementation of Security Controls for the company.
Gain acceptance of proposed security solutions by the various security accrediting bodies within Thales Group DGDI CISO.
Respect Group IS/IT standards and strategy.
Review strategies, operational changes and projects to ensure appropriate security controls are applied.
Define clear policies, procedures, and performance criteria for Site Information Systems Security Officers (ISSO) and IT staff who are involved in daily operational support processes that may affect security risks or compliance obligations for the company.
Define security related requirements during the Project Definition (“Design”) phase of projects so that security becomes a deliverable of IT projects where appropriate.
Review proposed enterprise architecture strategies and designs to ensure that new risks are not introduced into the company, and to suggest changes that may increase functionality and help reduce existing risks.
Maintain an understanding of current and emerging security threats that may affect the company now or in the future.
Undertake forensic investigations and analysis as required on Thales computer assets in support of HR led investigations.
Liaise with Legal regarding export control requirements in systems and manage any e-discovery requirements that Thales is required to undertake.
Undertake governance responsibilities for technology based Defence regulations and policies and report the Thales state of compliance to the Governmental Boards in charge.
Engage and represent Thales in professional industry forums so that external opinion of the Thales Security program remains highly regarded.
Provide regular updates to the CIO and DGDI CISO regarding achievements, issues and goals.
Bachelor's (Master's preferred) in Information Technology and/or Information Security (degree or equivalent).
10+ years of leadership experience overseeing security initiatives in a large, preferably global enterprise.
Obtained one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), Project Management Professional (PMP) or other related certifications.
Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery.
Experienced with large IT Infrastructure and/or IT security projects, e.g. firewall deployment, NAC implementation, web proxy upgrade etc.
Prior experience with information security framework, secure network architecture and design, cloud computing, and secure application architecture/design.
Proven experience of leading a dispersed, multi-site team.
Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks.
Experienced in developing policies and procedures for identity and access management, security programs, security procedures, security standards, requirement definition, and project management plans.
Adept in creating business cases and use cases, including the ramifications of various system, network and application security decisions and recommendations.
Articulate, with strong verbal and written communication skills for both technical and non-technical audiences.