Cybersecurity Governance

Job description:

We are seeking an experienced
Cybersecurity Governance & Compliance Specialist
to oversee the development, implementation, and continuous improvement of our organization's cybersecurity governance practices, for
Bucharest
, within
KMG Rompetrol
.

Rompetrol,
part of
KMG International
, is the place where thousands of minds and over 200 specializations spread throughout 11 countries are connecting to each other to create the energy we all need to get further. We believe that through trial and perseverance, true ambition is inspired, and success achieved. With this reasoning, we intend to welcome you to our Rompetrol family and help you reach your full potential.

So, are you ready to fuel your career, in a diverse and fulfilling environment?

Your new role:
You will ensure compliance with NIS2 and other relevant regulations, lead the formulation of security policies, conduct risk and internal security assessments, and support the overall Governance, Risk, and Compliance (GRC) framework.

This position plays a critical role in bridging cybersecurity, legal, and business functions, helping to maintain a robust security posture and organizational resilience.

Activities going to help you shine:

• Lead the creation, review, enforcement, and lifecycle management of cybersecurity policies, standards, and procedures.
• Ensure continuous alignment with NIS2 directive and other applicable legal and regulatory requirements (Law 58/2023, OUG 155/2024, etc.
• Act as the primary point of contact for all cybersecurity GRC-related matters across the organization.
• Develop and deliver clear governance reports and risk insights to senior management and audit committees.
• Collaborate with legal and compliance teams to monitor regulatory changes and adjust policies accordingly.
• Drive security awareness and training programs, ensuring staff understand their role in protecting the organization.
• Participate in external security audits and risk assessments.
• Lead third-party/vendor risk management, including due diligence, assessments, and ongoing monitoring.
• Support data classification and governance practices, ensuring integration with security controls.
• Support application classification initiatives and supports BISO (Business Information System Owner) workflows.

The fuel needed to go further with us:

• Bachelor's or master's degree in information security, Information Systems, Law, or a related field.
• 3-5+ years of experience in information security governance, compliance, or risk management roles.
• In-depth understanding of NIS2, GDPR, and/or other relevant frameworks and regulatory environments.
• Proven experience conducting audits, risk assessments, and compliance reviews.
• Exceptional communication and stakeholder management skills.
• Relevant certifications (e.g., CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor) are a plus.

You will be supplied with:

• Meal tickets
• Vacation bonus
• The number of your vacation days increase according to your seniority so that you'll enjoy more free time.
• Access to private medical system (medical package) and special subscription rates for family members
• On site medical assistance
• Life and medical insurance
• Free days and financial support for personal events (marriage, childbirth, loss of a close relative)
• Study leave
• Christmas/1st of June celebration with a special gift for children
• Partners' discounts
• Access to training programs
• Supportive and professional teams and environment
• Bookster (borrow books for free, delivered in the office)
• Fuel discount in our gas stations with RompetrolGo+ card
• Short working schedule on Friday
• Flexible working program
• Hybrid schedule: 4 days at the office, 1 day remote

What you need to do now:
If you are interested in this role, go to "apply now" to send an updated copy of your resume.

Fuel your career and start a new journey with us
#GetFurtherWithUs