Information Security Officer

My Dublin City Centre based client is recruiting for an Information Security Officer to join the team on a permanent basis. This role will be working off a hybrid model. The Information Security Officer will be responsible for the management of overall information security governance according to the Information Security Management System framework. The Information Security Officer will be responsible for to manage and monitor security measures for the protection of computer networks & information. This will also include the definition of the day to day information security authorisation on key controls, monitoring, audit and reporting on Information Security controls.

The Information Security Officer will also have experience of managing external IT vendors  ideally within the finance sector and have knowledge of relevant technology deployed within the company to cover databases, network infrastructure, desktop solutions and Cloud Infrastructure.

The Information Security Officer will require a good understanding of the business and the applicable legal & regulatory in particular data protection requirements with a deep experience of IT systems. Networks & IT security protocols, together with a rounded knowledge of operational processes and internal control methodologies relating to IT risk & cyber risks.

Job Responsibilities

• Information Security technical leadership
• Governance & standard development and monitoring
• Security Incident Management
• Cyber Risk management
• Driving Information Security awareness
• Ownership

Experience Required

Security Incident Management

• You will have ownership & management of the Information Security Incident Management Process.
• You will manage incidents & follow-up actions, agreeing the required actions & ensuring that all required actions are carried out as required.
• You will manage the documentation of policies, procedures, security guidelines & runbooks to assist in the timely resolution of Security Incidents
• You will assist with development of relevant BCP plans for IT & business from a security perspective
• You will  ensure that the business process documentation created as part of the ISMS creation is maintained as and when processes
• Security Incidents managed & closed out as required
• Escalation of incidents within agreed timeframes
• Adequate & robust testing of BCP plan
• You will ensure all new implementations are included in BCP plan/solution

Cyber Risk

• Oversight, management, & reporting on all risks pertaining to information security, including all forms of cyber risk & all risks relating to the protection of personal data throughout the business in all locations.
• You will develop & monitor Key Risk Indicators (KRI) & Key Performance Indicators (KPI), relating to the information security controls of the business.
• You will assist in the assessment of risk to the security of information, assets, and personnel.
• Assist in management of cyber risk including risk reviews and mitigation Risk assessments carried out to standard, to agreed schedule, and as required.
• Ensure complete & accurate risk register in place and monitored. 

Governance / Standards

• You will maintain & develop information security documentation to agreed standards
• You will facilitate of external information security audits, management reviews & internal information security audits.
• You will define & manage the monitoring of key measures of ISMS performance.
• Documentation that meets standards & drives processes.
• Audits progressed smoothly & with least disruption to the business as possible.
• All agreed security KPIs including security controls monitored and reported as required.

Information Security Technical leadership

• You will drive & coordinate the management of security through the sharing of ideas between key security players, the monitoring of threats & subsequent identification for opportunities for improvement, & the on-going monitoring of security activity (e.g., pen testing actions) to meet targets & drive & manage the development of information security to ensure approaches, techniques & tools continue to meet need.
• You will ensure that the team becomes an active part of projects to ensure that all projects take information security into account & to carry out – or oversee – information security risk assessments and ensure that the results are acted
• Providing training, coaching and internal consultancy to the business at all levels in relation to the Information Security Management System, the NIST framework and a wide variety of IT controls and information security controls, and also in respect of new and evolving IT standards, cyber risks, and information security issues.

Cyber Risk Management

• Preparation, management &reporting of the Information Security Risk Assessment in conjunction with the overall Business Operational Risk Assessment
• Reporting on Key Risk Indicators and Key Performance Indicator
• Provide IT and information security control risk input into projects from inception
• Contributing to the creation of a culture of risk awareness and the highest standards of corporate governance.
• Preparation, management, and reporting of the Information Security Risk Assessment in conjunction with the overall Business Operational Risk Assessment
• Assess operational risks associated to day-to-day activities and implement risk mitigation controls as necessary.
• Ensure operational risk events are reported on a timely basis and risk event actions are completed within agreed timelines.

Customer Management         

• Maintain effective relations with all key stakeholders across company
• Commits to exceeding expectations and needs to internal/external customers, possesses “customer first” mind set.
• Quality and timeliness of communication updates to all relevant parties
• Ensures that work is accurate and well presented, that customer care is given priority above all else and that in both areas effort is made to exceed the minimum standard required.
• Ensure appropriate service is delivered at all times, across all business lines and that feedback is sought from key stakeholders to fully assess the service quality.

Essential and Desirable Skills

• At least 5 years’ experience in Information Security, and experience in people and IT management
• Experience in security tools and solutions and reporting Project management
• Management experience that encompasses information systems or information security experience
• Relevant certification is preferred:
• (CISSP, CISM, CRISC, CCRO) along with following experience
• Internal audit knowledge
• Risk analysis – systems/projects/changes
• Security technical knowledge / skills
• Information Systems such as Active Directory, Firewalls, Network, Storage, QRadar/SIEM
• IT hardware, software, process appreciation
• Office 365
• Microsoft Exchange
• PaaS
• SaaS

Educational Requirements

Relevant third level degree qualification in IT or equivalent industry qualifications (CISSP, MCP)

Relevant certification is preferred:

(CISSP, CISM, CRISC, CCRO) along with following experience

Working Hours & Benefits

• 38 Hour Working Week
• Pension
• Bonus
• Healthcare
• Hybrid Working
• Tax Saver Ticket