Cybersecurity Framework & Policy Specialist

Cyber Security Compartment

    Scope of work:
    The Cybersecurity Framework & Policy Specialist realises and maintains the mapping between the ELI-NP cybersecurity architecture (incl. the capabilities and policy framework thereof) and the relevant national and international frameworks, standards, laws/regulations and speciality publications. Furthermore, the Cybersecurity Framework & Policy Specialist develops and continually updates the high-level cybersecurity policies and procedures of ELI-NP, and is actively involved in ensuring the alignment of the ELI-NP cybersecurity framework, policies and procedures with the organizational business strategy and initiatives. Additionally, he/she carries out cybersecurity compliance management activities (e.g. monitoring and implementing changes in regulatory/legal requirements).
    Main Responsabilities:
    • Developing and maintaining an up-to-date bidirectional mapping between the ELI-NP cybersecurity architecture, capabilities / functions, policies and procedures on the one hand, and relevant national and international frameworks (e.g. NIST Cybersecurity Framework), standards (e.g. ISO 27000 series), laws/regulations and speciality publications (e.g. NIST SP) on the other hand
    • Developing, reviewing and continually updating the high-level cybersecurity policies and procedures of ELI-NP, in alignment with the relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications
    • Identifying and monitoring relevant national and international cybersecurity frameworks, standards, regulations/laws and speciality publications, as well as evaluating the changes/updates thereof and, if required, implementing these in the cybersecurity architecture, policies and procedures
    • Continually analysing and providing feedback on whether the high-level cybersecurity policies and procedures of ELI-NP are aligned with the cybersecurity strategy and architecture, as well as with the business strategy and the relevant initiatives of ELI-NP
    • Monitoring and, if needed/as appropriate, evaluating and ensuring that the internal cybersecurity principles, policies and procedures are known, implemented and followed throughout ELI-NP
    • Promoting and raising the awareness of cybersecurity policies and procedures throughout ELI-NP, as needed/appropriate, and providing policy guidance to internal and external personnel
    • Getting involved, as needed/applicable, in cybersecurity event/incident investigation and post-factum analysis processes
    • Ensuring individual and collective cybersecurity knowledge refresh, acquisition and transfer, as well as risk landscape updates, through conceptual and literature research and review
    • Main Tasks:
        Professional background:
        • Higher education graduate
        • Minimum five (5) years of experience working in cybersecurity, information assurance/security, and/or IT with an emphasis on cybersecurity
        • Minimum three (3) years of experience in developing cybersecurity policies or procedures in an enterprise, governmental, research or similar (incl. project-based) environment
        • Familiarity with relevant international cybersecurity methodologies, regulations, standards and guides
        • Knowledge and understanding of principles, concepts and approaches used in a cybersecurity architecture
        • Working experience with the NIST Cybersecurity Framework (core functions, controls, etc.) represents a significant advantage
        • Familiarity with the NIST Special Publication 800 Series is considered a plus
        • Experience in cybersecurity compliance management or awareness training are represent an advantage
        • Understanding the characteristics and the constraints specific to industrial control systems and knowing relevant cybersecurity methodologies, standards, regulations or policies are considered an asset
        • Specialist and advanced level certifications in cybersecurity are considered an asset
        • Experience in inter-functional communication, in formal and informal settings
        • Ability to handle complex tasks, complex analytical skills, proven ability to solve problems, ability to deliver when working under tight deadlines
        • Good interpersonal skills, a strong team spirit and a result-oriented attitude
        • Very good English skills (writing and speaking)
        Working arrangements/Conditions of employment:
        • Full time position, based in Bucharest - Magurele, Romania .
        • Included: private medical coverage, paid annual leave.
        • Motivating salary, at European level, based on qualifications and experience.
        • The candidate should be available to travel abroad for scientific collaboration at various research infrastructures, for part of their time.
        • Part of a dynamic, well-structured, savvy and autonomous team operating with full Leadership support and with clear objectives in an international and friendly environment;
        • Rare opportunity to tackle the cybersecurity challenges of a world-leading scientific project and of a complex environment going way beyond the ‘usual’ IT office/enterprise landscape and that interlaces Operational Technologies / Industrial Control Systems, data acquisition systems, scientific computing resources and building management systems.
        • A chance to develop one’s career and to make a difference by analysing, designing, implementing and/or operating some of the newest cybersecurity capabilities within a robust and modern framework.
        The applications shall be accompanied by the documents requested in the Rules of Selection for this position.
        The applications shall be sent to the Human Resources Department at