Location: Bucharest, Romania
Reports to: CIO, Magnapharm (solid line)
Dotted line: Group IT Security Manager / Group Security Lead, Dr. Max
Function: Group IT – Security
About the role:
You will be the hands-on security person for Magnapharm. Day-to-day you will monitor and respond to security events, drive NIS2 compliance across our entities, and help local IT teams keep things secure. As Magnapharm adopts AI tooling, you will also take ownership of AI license management and the security side of building and running internal AI agents — making sure we use these tools safely and in line with group policy.
The role reports to the Magnapharm CIO and works with a dotted line to the Group Security Lead at Dr. Max, aligning local delivery with group security strategy, standards and tooling.
Responsibilities:
Security operations & incident response
• Monitor security alerts, investigate incidents and coordinate response across Magnapharm entities.
• Run vulnerability management and track remediation with local and group IT teams.
• Maintain working knowledge of identity, cloud security (M365 / Azure).
NIS2 & compliance
• Own NIS2 implementation for Magnapharm: documentation, implementation, evidence collection and incident reporting.
• Support audits, risk assessments and third-party / supplier security reviews.
• Oversee security awareness training and phishing simulations.
AI license management & AI agents (security side)
• Manage AI tool licensing for Magnapharm — track usage, license allocation, access controls, and ensure approved tooling usage only.
• Define and enforce security and data-handling for AI use (data classification, access, logging, acceptable use).
• Support the build and rollout of internal AI agents—design, permissions, integrations, security and data flows before go-live.
• Work with the Group Security team to keep AI usage aligned with group policy and NIS2 obligations.
Microsoft platform security
• Own the end-to-end security posture of every Microsoft service in use at Magnapharm — Microsoft 365, Entra ID, Azure and the wider Microsoft cloud estate. Act as the accountable owner for security configuration, hardening and continuous improvement across these platforms, rather than only maintaining awareness of them.
• Endpoint & Intune: define and maintain device compliance policies, configuration profiles, app protection (MAM) and attack-surface-reduction rules; tie Conditional Access to device compliance; oversee Defender for Endpoint onboarding, BitLocker enforcement and patch/baseline compliance across all managed devices.
• Exchange Online: own email security through Exchange Online Protection and Defender for Office 365 (anti-phishing, anti-malware, Safe Links / Safe Attachments), manage mail-flow and transport rules, and maintain email authentication (SPF, DKIM, DMARC) to defend against spoofing and business email compromise.
• SharePoint Online, OneDrive & Teams: govern external sharing, manage sensitivity labels and DLP policies, and remediate oversharing — increasingly critical as Microsoft 365 Copilot and internal AI agents surface content based on existing permissions.
• Identity & access (Entra ID): drive Conditional Access, MFA, Privileged Identity Management (PIM), access reviews and app-registration / consent governance to enforce least privilege across the tenant.
• Data protection & monitoring: leverage Microsoft Purview (DLP, data classification, information protection, insider risk, audit) and Microsoft Defender XDR / Sentinel to detect, investigate and reduce risk across the Microsoft stack.
• Infrastructure security improvements: proactively assess and harden the Azure and on-premises infrastructure (private endpoints, Key Vault, RBAC, Active Directory) and come forward with concrete improvement proposals — not just findings. Track Microsoft Secure Score / Defender for Cloud Secure Score and drive measurable improvement over time.
• Apply and maintain Microsoft and CIS security baselines and continuously evaluate and roll out new Microsoft security capabilities as they become available.
Partnering
• Be the SPOC for local IT and business teams on security support.
• Work closely with the Dr. Max group security team on standards, tooling and reporting.
• Ensure full alignment with Dr.Max Group Security Lead directions
• SPOC for Nis2 communications with local authorities at group level.
What we are looking for:
• 3 – 4 years of hands-on experience in cybersecurity (SOC, security operations, GRC, or similar) – a strong plus, but not a hard requirement if you can demonstrate the right skills
• Working knowledge of identity, endpoint, network and cloud security (M365 / Azure).
• Real incident response experience — not just theory.
• Familiarity with ISO 27001, NIST CSF or similar frameworks.
• Awareness of NIS2 or comparable regulations.
• Understanding of AI / SaaS security and governance concepts, and an interest in how AI tools are secured and managed.
• Strong written English and Romanian.
About MagnaPharm
With 30 years in the pharmaceutical industry, MagnaPharm provides integrated marketing, medical and pharmacy promotion, distribution, regulatory and market access services for a portfolio of leading pharmaceutical partners. Our group of 600+ people across multiple markets works every day to ensure patients and consumers benefit from high-quality medical solutions.
MagnaPharm — One Team. One Solution.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Engineer - Cloud Security Architect
2026-07-02
Cyber Security Specialist
2026-07-05
Software Developer / Data Engineer
2026-07-04
- Posted
- Jul 03, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Bucharest
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Engineer - Cloud Security Architect
2026-07-02
Cyber Security Specialist
2026-07-05
Software Developer / Data Engineer
2026-07-04