Job Description
To support the development and communication of information security policies which ensure clients' networks and information systems are protected from risk and unauthorised access. To co-ordinate and drive the development and implementation of consistent security standards and processes across the clients.
Responsibilities
- Contribute to the development and communication of information security policies and monitor on-going compliance
- Co-ordinate and drive development and implementation of consistent security standards and guidelines across the clients in line with policy
- Manage the process for maintaining information security policies and standards on an on-going basis
- Develop and operate the eir group information cyber security awareness and training programme
- Identify and manage information security requirements and engage with other areas to establish information security requirements arising from legal or regulatory requirements
- Analyse and manage exceptions to information security policy, and ensure policy is relevant to the on-going achievement of our objectives
- Provide advice and guidance to clients in respect of information security requirements and policy
- Monitor emerging security threats and developments to identify requirements for new or changed policies
- Maintain the performance of the Business Access Review processes, improve data integrity in Identity & Access Management and enhance the Joiner Mover Leavers process
- Manage client’s Statutory & Regulatory IT Audit as the primary escalation contact and work with relevant stakeholders to close identified risks
- Represent IT Security during ISO Audits ensuring that the evidence for information security is up to date and in line with expectations
- Monitor and ensure effective operation of security related activities undertaken within other areas (e.g. access management, patching, management of Endpoint Protection & Endpoint Encryption)
- Compile and produce information security and compliance reports and metrics
- Participate in CSIRT (Cyber Security Incident/threat Response Team) planning or response activity as required in cases of major security threats or incidents
- Test and evaluate security products
Role Specific Skills
- Broad knowledge and experience of information security policies, processes, and best practices
- Strong knowledge of network and information security standards
- Ability to communicate with system administrators and other technical staff regarding security standards
- Minimum of 3 – 5 years relevant experience required
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Understanding of patch management
- Experience of developing or delivering security awareness materials
- Previous experience in information security management activities
- Working knowledge of relevant industry standards (e.g. NIS & NIS2)
- Security certification (e.g. CISSP, CCIE) an advantage
- Relevant 3rd level degree
Competency Profile
- Problem Solving (2)
- Change Orientation (2)
- Results Focus (2)
- Teamwork (3)
- Oral and Written Communication (3)
- Influencing and Winning Commitment (3)