Risk & Compliance Security Specialist (Cybersecurity & IT Infrastructure Team)

We’re always looking for the ones truly passionate about their work. If you are amongst them, you can rest assured there is a place for you in eMAG. We’ve grown very fast and are determined to keep doing so. What brought us here is our desire for continuous evolution and practical results.

More than 6000 colleagues are part of eMAG Teams. We strongly believe in people's development and therefore every year we invest more and more energy and resources to remain an organization that is constantly learning. We want to ensure that you’ll have the most talented colleagues and the proper environment to grow and achieve great results, to become what you desire on a personal and professional level. Join us, grow faster!

Risk & Compliance Security Specialist (Cybersecurity & IT Infrastructure Team)

The Risk and Compliance Security Specialist will play an important role in implementing and managing the risk and compliance programs related to IT security. This position involves assessing, identifying, and mitigating risks, as well as ensuring the company's IT infrastructure complies with requisite standards and regulations.

What you’ll have to do:

Governance:

• Develop, implement, and maintain a robust IT security program aligned with regulatory and industry standards (ISO 27001, DORA, NIS2, PCI DSS, NIST CSF).
• Collaborate with senior leadership and business stakeholders to foster awareness of risk and compliance across the organization.
• Promote best practices and ensure alignment with broader governance objectives.
• Establish security baselines for both on-premise and cloud-based environments.
• Create and maintain IT governance policies, including access control, change management, data retention, and business continuity.
• Develop and maintain an incident response plan, ensuring a structured approach for detecting, containing, and recovering from security breaches
• Conduct regular training sessions for employees to raise awareness of IT risk and compliance issues.
  
  

Risk Management:

• Implement a robust IT risk management framework that supports proactive identification, assessment, mitigation, and monitoring of risks.
• Regularly review and update the framework to reflect changes in the internal and external environment.
• Conduct periodic IT risk assessments to identify vulnerabilities, assess potential impacts, and develop mitigation strategies.
• Collaborate with IT and business units to develop risk mitigation plans and ensure timely implementation.
• Manage a risk register, ensuring that identified risks are continuously monitored and addressed.
  
  

Compliance:

• Monitor regulatory changes and ensure organizational compliance with relevant laws and regulations (e.g., GDPR, DORA, NIS2, PCI-DSS).
• Stay updated on changes in regulatory requirements and assess their impact on the organization.
• Coordinate internal and external IT audits, ensuring all compliance requirements are met
• Ensure documentation is accurate, up-to-date, and readily accessible for audits and governance reviews.
  
  

Performance Measurement and Reporting:

• Develop key performance indicators (KPIs) and metrics to measure the effectiveness of IT risk and compliance programs.
• Provide regular reports and updates to governance bodies on progress, challenges, and areas for improvement.
  
  

What makes you a good fit:

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Relevant certifications such as CISA, CRISC, CISSP, or equivalent are preferred.
• Minimum of 3-5 years of experience in IT risk management or IT compliance.
• Extensive knowledge of industry standards and frameworks like ISO 27001, NIST, COBIT, etc.
• Strong analytical and problem-solving skills.
• Excellent communication skills, both written and verbal.
• Ability to work independently and as part of a team.
• Proficiency in using IT risk management tools and software.
• Experience with cloud security and compliance considerations.
• Strong understanding of IT security principles and best practices.
• Ability to interpret and apply regulatory requirements to IT environments.
• Familiarity with emerging IT risks and trends, such as cyber threats, data privacy, and digital transformation.
• Strong organizational and multitasking skills.
• Experience with auditing and monitoring tools.
  
  

What we’ve prepared for you:

• Medical subscription: Medicover, MedLife or Regina Maria.
• A flexible budget that you can invest in yourself as you wish: meal tickets, holiday tickets, cultural vouchers, private pension, foreign language classes, eMAG, Fashion Days, Therme & Genius, membership to different gyms or even professional development classes.
• Different discounts from our partners: banking, mobile, dental medicine or wellness.
• Access to the Bookster library and free credits on the Hilio psycho-emotional health platform.
• An accelerated learning environment, with access to over 100.000 curated online resources and platforms, learning academies and development programs.
• A friendly office. We redesigned our headquarter office to suit our hybrid work model: we doubled the number of meeting rooms and we equipped them with state-of-the-art technology.
  
  

Curious to find out more about the next step in your career? Apply now and if your experience is relevant for the role you wish, we will give you a call for more details! Also, here you can find our confidentiality policy if you want to consult it.