IT Information Security Manager
- Job Ref: 4744
- Location: Co Dublin, Ireland
- Type: Permanent
IT Information Security Manager
Reporting to the Head of IT Security, the key purpose of the role is to implement and maintain a best practice Information Security Management System, working with IT and the wider business to act as a subject matter expert to develop the maturity of Information and Cyber Security.
The role will drive compliance to best practices, including the NIST Framework, ISO27001, GDPR and related standards, ensuring that these practices deliver a class-leading control environment across the full spectrum of IT business processes. Working on a team of IT security specialists, and working closely with technical teams responsible for IT, this role will assess the company’s information systems, and assist in the development of appropriate policies, standards, processes and procedures. The role includes developing and implementing Information Security Strategy for Identity and Access Management, managing Information Security and Privacy Training and Awareness programmes, and supporting our Cyber Incident Response Team (CIRT) and Security Operations Centre capabilities for IT and cyber incidents across the business.
Key Tasks & Responsibilities • Develop and manage our Information Security Management System (ISMS) to help ensure delivery of an Information Security strategy that supports business goals and objectives while minimising IT, legal and regulatory compliance risks • Work closely with IT and business stakeholders to develop Identity and Access Management strategy and guide stakeholders in implementing an integrated approach encompassing physical and logical access procedures for on-premise and cloud-based systems, serving the needs of diverse groups of users across multiple locations • Maintain Information Security and Privacy Awareness by developing and delivering training and awareness campaigns to ensure that the organisation is engaged and aware – actively measure awareness activity • Manage our IT and Cyber Security Risk profile – assess, evaluate and document IT Risk on an ongoing basis so that IT Management are aware of the IT Risk profile, highlighting changes in risk profile – report on IT Risk within the Enterprise Risk process quarterly • Perform technical IT Security controls reviews and tests to monitor and maintain compliance with our Information Security policies, corporate processes, and IT related regulation policies and standards, tracking remedial actions to completion • Maintain an up-to-date IT Operational Risk and Compliance Register – manage and report on mitigating actions • Support IT Architecture in implementing our Security by Design policy, performing and managing project and postimplementation reviews, including vulnerability scanning, reporting and mitigation management • Support the Data Protection Officer in implementing our Privacy by Design policy, performing and managing Data Protection Impact Assessments (DPIAs) • Support the Cyber Operations Manager by assuming the role of Incident Manager / CIRT lead as required, and ensure that procedures are adhered to, incidents are managed appropriately and consistently, and are reported in a timely manner.
Knowledge, Skills and Experience • Minimum of 8 years’ experience in Information / IT Security (at least 5 years of this experience in a technical IT role) • Experience of working in a dynamic environment – both technical and business in a demanding environment delivering 24/7/365 services to large customers • Extensive experience of IT and Cyber Security technologies and capabilities – analysing Indicators of Compromise (IoCs) as for attacks such as malware, phishing or insider threats – investigating IoCs and incidents utilising the latest tools and techniques to capture, document, develop, and present IT and Cyber Security data to stakeholders • Exposure to some or all of the following: advanced malware protection, firewalls and IDS / IPS, systems administration, client Operating Systems knowledge; Virtualization experience; Vulnerability Management, Security Information and Event Management tools, Threat Assessment, Malware technology, Malware handling and containment techniques • Knowledge of risk management, developing, deploying and tracking mitigation and remediation actions • Experience in developing security awareness and training programmes across diverse channels in a challenging and busy environment • Project management and delivery of new systems and services, including exposure to procurement processes • Stakeholder management and communications, with excellent report writing and presentation skills to both technical and nontechnical