Sr Expert Cyber Resilience Risk & Compl.
Date: 9 Jun 2026
Location: Bucharest, RO, 013329
Company: OMV Group
Overview of the company
We, OMV Petrom Global Solutions, are proud members of the OMV IT community. OMV IT delivers industry best practice solutions which enable our business success in the Energy Production and Distribution industry. It is our vision to "Enable Success and Transformation!" and our mission to address this goal with the right capabilities, at the right time, with the right mindset. We are at the core of user experience on both sides of the aisle: business and our consumer market. We challenge the status quo. We are partnering with business experts to shape the future service portfolio of our digital tools. Thus, we have a key role in OMV’s Digital Transformation. Together, we are on a never-ending quest to test the edge of what is possible. We strongly believe each and every IT employee makes a difference in that respect.
Your tasks
- Responsible for validating, developing, governing and maintaining the Information Security based IT/OT Regulatory Framework consisting of directives, standards, procedures and annexes for OMV Group and the implementation of related activities.
- Define and update information security compliance and risk management framework to ensure consistent application across OMV Petrom.
- Steer the implementation of compliance requirements and establish KPIs to measure effectiveness and maturity.
- Coordination of the yearly InfoSec Compliance Activity Plan as well as Supplier Assessment Activity Plan with main stakeholders and perform assessment activities.
- Determine the IT risk appetite and run regular risk assessments to capture the level of risk exposure on defined levels (i.e. sites, units, applications) and plan and implement related risk treatment measures to ensure a defined risk exposure as well as reporting of related KPIs.
- Ensure Supplier Security Management in line with legal requirements (such as NIS2) and international standards (e.g. ISO27001:2022). This includes defining processes, integrating security requirements into contracts (Information Security Legal Blocks), and conducting assessments as well as risk management activities.
- Ensure the implementation of the IT/OT Information Security Governance Framework in the course of merger & acquisition initiatives.
- Responsible for running, and acting as contact person for, input to Audits (external/internal) and reporting requirements with regard to the IT Information Security Governance Framework (e.g. ISO 27K, NIS2, PCI-DSS).
- Support new or additional emerging service requests associated with the IT/OT governance function, such as ticket/task handling or other topics coming up based on given or new service operating models or on ad-hoc demands.
- Collaborate with internal departments (IT, Security, Legal, Operations, OT) to ensure group-wide compliance and effective implementation of policies.
Your skills
- Education: Bachelor’s degree in IT or Business Management with focus on IT and Security
- Relevant professional experience: >12 years
- At least one relevant cybersecurity certification is required (e.g. CISA, CRISC, CISM, SSCP)
- Deep knowledge of NIS2, ISO 27001, PCI-DSS and other relevant cybersecurity regulations, with proven experience in developing, implementing, and maintaining compliance frameworks in a complex, regulated environment.
- Expert ability to translate group-wide compliance policies into actionable processes at the local level, while effectively collaborating with IT, Security, Legal, and Operations teams to ensure consistent and effective compliance across the organization.
- Extended expertise in IT and Information Security governance
- Excellent knowledge of the ServiceNow ITSM&IRM module
- Excellent knowledge of and skill with the M365 suite
- Advanced English skills – verbal and written
Location
Bucharest
What OMV Petrom can offer
- Long weekend plans are always welcome - on Friday, our office hours end at 14.00.
- You can rely on a health insurance that covers medical treatment in a variety of private medical clinics.
- You can work from home, if the work activity allows.
- The number of your days off increases according to your work experience so that you'll enjoy more free time.
- We aim to make your vacation days happier, by paying each vacation day double.
- Are you a top performer? Your work can be rewarded every three months based on performance results.
- Additional days off and various financial support for different events like marriage, childbirth, etc.
- Access to LinkedIn Learning and a variety of development programs.
- Do you prefer cars or bikes? We have free private covered parking.