Cybersecurity Framework & Policy Specialist

Cyber Security Compartment


    Scope of work:
    The Cybersecurity Framework & Policy Specialist realises and maintains the mapping between the ELI-NP cybersecurity architecture (incl. the capabilities and policy framework thereof) and the relevant national and international frameworks, standards, laws/regulations and speciality publications. Furthermore, the Cybersecurity Framework & Policy Specialist develops and continually updates the high-level cybersecurity policies and procedures of ELI-NP, and is actively involved in ensuring the alignment of the ELI-NP cybersecurity framework, policies and procedures with the organizational business strategy and initiatives. Additionally, he/she carries out cybersecurity compliance management activities (e.g. monitoring and implementing changes in regulatory/legal requirements).
    Main Responsabilities:
    • Developing and maintaining an up-to-date bidirectional mapping between the ELI-NP cybersecurity architecture, capabilities / functions, policies and procedures on the one hand, and relevant national and international frameworks (e.g. NIST Cybersecurity Framework), standards (e.g. ISO 27000 series), laws/regulations and speciality publications (e.g. NIST SP) on the other hand
    • Developing, reviewing and continually updating the high-level cybersecurity policies and procedures of ELI-NP, in alignment with the relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications
    • Identifying and monitoring relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications, as well as evaluating the changes/updates thereof and, if required, implementing these in the cybersecurity architecture, policies and procedures
    • Continually analysing and providing feedback on whether the high-level cybersecurity policies and procedures of ELI-NP are aligned with the cybersecurity strategy and architecture, as well as with the business strategy and the relevant initiatives of ELI-NP
    • Monitoring and, if needed/as appropriate, evaluating and ensuring that the internal cybersecurity principles, policies and procedures are known, implemented and followed throughout ELI-NP
    • Promoting and raising the awareness of cybersecurity policies and procedures throughout ELI-NP, as needed/appropriate, and providing policy guidance to internal and external personnel
    • Getting involved, as needed/applicable, in cybersecurity event/incident investigation and post-factum analysis processes
    • Ensuring individual and collective cybersecurity knowledge refresh, acquisition and transfer, as well as risk landscape updates, through conceptual and literature research and review
    • Main Tasks:
        Professional background:
        • Higher education graduate
        • Minimum five (5) years of experience working in cybersecurity, information assurance/security, and/or IT with an emphasis on cybersecurity
        • Minimum three (3) years of experience in developing cybersecurity policies or procedures in an enterprise, governmental, research or similar (incl. project-based) environment
        • Familiarity with relevant international cybersecurity methodologies, regulations, standards and guides
        • Knowledge and understanding of principles, concepts and approaches used in a cybersecurity architecture
        • Working experience with the NIST Cybersecurity Framework (core functions, controls, etc.) represents a significant advantage
        • Familiarity with the NIST Special Publication 800 Series is considered a plus
        • Experience in cybersecurity compliance management or awareness training are represent an advantage
        • Understanding the characteristics and the constraints specific to industrial control systems and knowing relevant cybersecurity methodologies, standards, regulations or policies are considered an asset
        • Specialist and advanced level certifications in cybersecurity are considered an asset
        • Experience in inter-functional communication, in formal and informal settings
        • Ability to handle complex tasks, complex analytical skills, proven ability to solve problems, ability to deliver when working under tight deadlines
        • Good interpersonal skills, a strong team spirit and a result-oriented attitude
        • Very good English skills (writing and speaking)
        Working arrangements/Conditions of employment:
        • Full time position, based in Bucharest - Magurele, Romania .
        • Included: private medical coverage, paid annual leave.
        • Motivating salary, at European level, based on qualifications and experience.
        • The candidate should be available to travel abroad for scientific collaboration at various research infrastructures, for part of their time.
        • Part of a dynamic, well-structured, savvy and autonomous team operating with full Leadership support and with clear objectives in an international and friendly environment;
        • Rare opportunity to tackle the cybersecurity challenges of a world-leading scientific project and of a complex environment going way beyond the ‘usual’ IT office/enterprise landscape and that interlaces Operational Technologies / Industrial Control Systems, data acquisition systems, scientific computing resources and building management systems.
        • A chance to develop one’s career and to make a difference by analysing, designing, implementing and/or operating some of the newest cybersecurity capabilities within a robust and modern framework.
        Applications:
        The applications shall be accompanied by the documents requested in the Rules of Selection for this position.
        The applications shall be sent to the Human Resources Department at human.resources@eli-np.ro

    APPLY FOR THIS JOB: