Head of Cyber
at Definitive
Dublin, County Dublin, Ireland
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 22 Dec, 2024 | Not Specified | 24 Sep, 2024 | N/A | Good communication skills | No | No |
Description:
Head of Cyber, Dublin, Ireland, c€110K, 10% bonus, BUPA, pension (10% company, 5% you).
You must have a strong technical background in cybersecurity, with experience of both cloud and on-premise. People and vendor management experience is key, as is experience of either looking after a group of companies or consultancy-type work dealing with a variety of clients.
The role:
This role is responsible for ensuring that all the businesses across our portfolio have correct and appropriate security controls in place. Each business is at a different stage of maturity, and the nature of the role will differ by business. The person in this role will define and clearly articulate risk-based security requirements aligned with industry standards, develop roadmaps for their implementation, and lead the work to ensure that they are implemented. Some of this work may be conducted by others, some may be by the person in this role.
Responsibilities:
- Develop, implement, and maintain the cybersecurity program for each business:
  - Conduct periodic risk assessments, aligned with industry standards
  - Keep up to date with the needs of various regulatory bodies, and develop and maintain policies and procedures that meet those needs
  - Maintain and deliver on the security roadmap for each business, aligned to their risk assessment
  - Where needed, assist businesses with achieving accreditation and completing attestations (e.g. Cyber Essentials Plus, SOC 2 Type 2, ISO 27001, NYDFS 23 NYCRR Part 500)
- Implement and manage technical controls (including but not limited to):
  - Deploy and manage tools as needed - utilising the Microsoft 365 suite of products as far as possible
  - Support the end-user computing team, to ensure that necessary controls are in place
  - Manage periodic access reviews, security awareness training, phishing simulations, and any other regular controls as needed. This may be undertaken in partnership with business team members, or it may need to be conducted in its entirety by the person in this role
  - Maintain and regularly review asset registers
  - Develop processes for and implement technology to support effective information management and governance
- Manage vendors and teams:
  - Whilst this role has no internal direct reports, it is expected that this role will supervise an offshore partner team of specialists, as well as a collection of software and service vendors
  - Perform and maintain assessments of, and a register of, current and potential vendors
- Advocate and inform:
  - Promote a culture of strong information security - each business, in particular the leadership of each business, should be kept aware of the cyber risks and regulations that may affect their business, and team members should look out for and check each other
  - Develop a governance program to manage any deviations (or requested deviations) from policy or standards
- Manage incidents:
  - Develop and support business continuity and disaster recovery planning and execution
  - Ensure that appropriate monitoring and reporting is in place, and in the event of a cyber security incident, manage the incident response in line with agreed procedures
- Documentation:
  - Develop SLAs and produce regular reporting as required by the group and by each business
  - Keep each business and, as required by regulation, their boards informed on the security program and any threats and incidents related to that business
  - Ensure that documentation exists and is kept up-to-date for all security processes
Your background / experience:
- Degree in Computer Science, Cybersecurity or related discipline
- ISC2 or ISACA certifications and / or Microsoft Security certifications would be advantageous
- People and vendor management
- Desire to travel and spend time with people
- Deep technical cybersecurity knowledge and expertise, both for cloud and on-premise
- Zero trust principles and practical implementation experience including ZTNA
- Strong Microsoft security tool implementation and administration experience, across M365 and Azure
- Understanding of and ability to implement Apple device security controls
- Software development security, including OWASP, SCA, SAST, DAST etc.
This Head of Cyber role is based in Dublin, Ireland, but could be based out of London for a candidate who is very flexible regarding travel etc. It pays c€110K, 10% bonus, BUPA, pension (10% company, 5% you). It will be hybrid, with 2-3 days in the office each week and flexibility to visit other company sites as required.
REQUIREMENT SUMMARY
Min: N/A, Max: 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Proficient
1
Dublin, County Dublin, Ireland