Security Engineer

Aggregate function:  Technology
Business Area:  GT Global Cyber Security
Posting Country:  Romania
Date Posted:  15 Jul 2026
Full Time / Part Time:  Full Time
Contract Type:  Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can be truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

Join Us

At Vodafone, we’re not just shaping the future of connectivity for our customers – we’re shaping the future for everyone who joins our team. When you work with us, you’re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.

The Security Engineer (GRC) processes all assigned security analyses and completes all specific activities in the area of ​​Governance, Risk and Compliance in the field of Cybersecurity, following local and global procedures, with the aim of protecting customer and employee data and maintaining the integrity of the company's IT infrastructure.
Creates and maintains updated procedures necessary to resolve team-specific activities, provides support and guidance to team colleagues and maintains good collaboration with all departments within the company, both local and global.

What you’ll do

Main Responsibilities:
• Collaborates with various teams in the organization to manage cybersecurity risks, including suppliers
• Responsible for the end-to-end coordination of penetration tests for Vodafone assets, ensuring planning, defining the scope, organizing and facilitating their execution in collaboration with various stakeholders
• Manages the relationship with the teams involved, provides operational support during testing, distributes results to relevant parties and monitors the remediation of identified vulnerabilities.
• Ensures the escalation and recording of cyber risks in cases where remediation exceeds the agreed deadlines, contributing to effective risk management and compliance with security requirements.
• Knows and proposes updates for cybersecurity policies, control objectives, risk management processes and standards to align with regulations, best practices and local and group information security frameworks
• Oversees and leads cybersecurity risk management processes, including cybersecurity, controls the tracking and management of supplier risks
• Provides assistance to internal and external audits in the area of ​​Cybersecurity and follows up on the closure of associated findings on time, such as ISO27001, etc.
• Maintains updated and ensures risk reporting in dedicated IT systems such as RiskConnect or similar
• Processes risk sheets identified through Trust by Design and Prevention and Detection processes, Shadow IT
• Updates action plans in the centralized system with those responsible for closing the agreed measures and monitors monthly the actions that are about to expire to obtain an up-to-date status from them
• ​​Ensures the representation of the Cyber ​​team in local or group sessions for the continuous review of the risk management framework: CHARM or equivalent
• Analyzes the specific technologies of the communications industry, applicable regulatory requirements, global trends and methodologies for the development of information security solutions, to determine their impact on the governance framework of security risks
• Knows the applicable Security requirements in the essential security areas, user management, logging and monitoring, API Security, Cloud Security, VOIP Security, Mobile Application Security and Web Security, Network and Telco Equipment Security from the perspective of associated risks
• Responsible for reviewing the security requirements within the contracts signed by the organization with third parties to minimize information security risks in accordance with applicable procedures
• Monitors the implementation of procedures in the area of ​​Shadow IT, Trust by Design, Cyber ​​Defence and Prevent to ensure complete and correct registration of information security risks
• Manages the implementation of risk management projects following the cybersecurity strategy communicated by the team global management

Who you are

Skills, knowledge and experience:

• Project Management
• Risk Management
• Information Security
• Cyber ​​Risk Management in Supplier Relations

Note: Experience takes precedence over studies and other training courses.

• Projects: measurement and control skills, planning, project management,
• Team: teamwork skills, timely and concise information
• Personal profile: able to set priorities, problem-solving orientation, negotiation skills, monitoring compliance with deadlines, compliance with rules and procedures.
• Others: Word processing, spreadsheets, graphics, programming, English, written communication.

Experience in using risk management tools (e.g. RiskConnect, Archer, OneTrust, etc.)
Experience in using risk management methods and risk management methodologies
Experience in evaluating suppliers and partners from the perspective of cybersecurity risks

Required technical/professional certifications:
• University degree
• Minimum 5 years of experience in IT/telecom/IT audit
• Experience in IT risk management
• Good knowledge and understanding of IT communication protocols
• Experience in applying the ISO27001 standard
Other training courses and certifications (special knowledge required, e.g. driver's license, labor protection, etc., required for this position):

Information security certifications: CompTIA Security+, CISA, CRISC, ISO27001 LA, etc.

Not a perfect fit?

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about empowering people and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.

What's in it for you

• Hybrid working regime 2 days from the office, 3 days remote
• Special discounts for Vodafone employees, Friends & Family offers
• Demo telephone subscription - unlimited (voice and data)
• Voucher for the purchase of a mobile phone
• Medical subscription to a top private clinic & other medical benefits
• Insurance for hospitalization and surgical interventions
• Life insurance
• Meal tickets
• Bookster subscription
• Participation in development programs and challenging projects in the leadership area
• Access to internal Wellbeing & Recognition events
• Extra vacation days (for seniority, special events, volunteering)
• You will benefit from specializations in your field of activity, through programs based on modern training methods and systems

Who we are

We are a leading international Telco, serving millions of customers. At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live and we protect the planet, whilst helping our customers do the same.

Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We're committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.

If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.

Together we can.

Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.