Scope of work:
The Cybersecurity Framework & Policy Specialist realises and maintains the mapping between the ELI-NP cybersecurity architecture (incl. the capabilities and policy framework thereof) and the relevant national and international frameworks, standards, laws/regulations and speciality publications. Furthermore, the Cybersecurity Framework & Policy Specialist develops and continually updates the high-level cybersecurity policies and procedures of ELI-NP, and is actively involved in ensuring the alignment of the ELI-NP cybersecurity framework, policies and procedures with the organizational business strategy and initiatives. Additionally, he/she carries out cybersecurity compliance management activities (e.g. monitoring and implementing changes in regulatory/legal requirements).
Main Responsabilities:
- Developing and maintaining an up-to-date bidirectional mapping between the ELI-NP cybersecurity architecture, capabilities / functions, policies and procedures on the one hand, and relevant national and international frameworks (e.g. NIST Cybersecurity Framework), standards (e.g. ISO 27000 series), laws/regulations and speciality publications (e.g. NIST SP) on the other hand
- Developing, reviewing and continually updating the high-level cybersecurity policies and procedures of ELI-NP, in alignment with the relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications
- Identifying and monitoring relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications, as well as evaluating the changes/updates thereof and, if required, implementing these in the cybersecurity architecture, policies and procedures
- Continually analysing and providing feedback on whether the high-level cybersecurity policies and procedures of ELI-NP are aligned with the cybersecurity strategy and architecture, as well as with the business strategy and the relevant initiatives of ELI-NP
- Monitoring and, if needed/as appropriate, evaluating and ensuring that the internal cybersecurity principles, policies and procedures are known, implemented and followed throughout ELI-NP
- Promoting and raising the awareness of cybersecurity policies and procedures throughout ELI-NP, as needed/appropriate, and providing policy guidance to internal and external personnel
- Getting involved, as needed/applicable, in cybersecurity event/incident investigation and post-factum analysis processes
- Ensuring individual and collective cybersecurity knowledge refresh, acquisition and transfer, as well as risk landscape updates, through conceptual and literature research and review
Main Tasks:
Professional background:
- Higher education graduate
- Minimum five (5) years of experience working in cybersecurity, information assurance/security, and/or IT with an emphasis on cybersecurity
- Minimum three (3) years of experience in developing cybersecurity policies or procedures in an enterprise, governmental, research or similar (incl. project-based) environment
- Familiarity with relevant international cybersecurity methodologies, regulations, standards and guides
- Knowledge and understanding of principles, concepts and approaches used in a cybersecurity architecture
- Working experience with the NIST Cybersecurity Framework (core functions, controls, etc.) represents a significant advantage
- Familiarity with the NIST Special Publication 800 Series is considered a plus
- Experience in cybersecurity compliance management or awareness training are represent an advantage
- Understanding the characteristics and the constraints specific to industrial control systems and knowing relevant cybersecurity methodologies, standards, regulations or policies are considered an asset
- Specialist and advanced level certifications in cybersecurity are considered an asset
- Experience in inter-functional communication, in formal and informal settings
- Ability to handle complex tasks, complex analytical skills, proven ability to solve problems, ability to deliver when working under tight deadlines
- Good interpersonal skills, a strong team spirit and a result-oriented attitude
- Very good English skills (writing and speaking)
Working arrangements/Conditions of employment:
- Full time position, based in Bucharest - Magurele, Romania .
- Included: private medical coverage, paid annual leave.
- Motivating salary, at European level, based on qualifications and experience.
- The candidate should be available to travel abroad for scientific collaboration at various research infrastructures,
for part of their time.
- Part of a dynamic, well-structured, savvy and autonomous team operating with full Leadership support and with clear objectives in an international and friendly environment;
- Rare opportunity to tackle the cybersecurity challenges of a world-leading scientific project and of a complex environment going way beyond the ‘usual’ IT office/enterprise landscape and that interlaces Operational Technologies / Industrial Control Systems, data acquisition systems, scientific computing resources and building management systems.
- A chance to develop one’s career and to make a difference by analysing, designing, implementing and/or operating some of the newest cybersecurity capabilities within a robust and modern framework.
Applications:
The applications shall be accompanied by the documents requested in the Rules of Selection for this position.
The applications shall be sent to the Human Resources Department at human.resources@eli-np.ro