Share this job
Lead Security Engineer
Apply for this job

Lead Security Engineer

Dublin (Hybrid)

Salary - Open


This role is responsible for ensuring that all the businesses across our portfolio have correct and appropriate security controls in place. Each business is at a different stage of maturity, and the nature of the role will differ by business. The person in this role will define and clearly articulate risk-based security requirements aligned with industry standards, develop roadmaps for their implementation, and lead the work to ensure that they are implemented. Some of this work may be conducted by others, some may be by the person in this role.


Job Description


Develop, implement, and maintain the cybersecurity program for each business:

  • Conduct periodic risk assessments, aligned with industry standards
  • Keep up to date with the needs of various regulatory bodies, and develop and maintain policies and procedures that meet those needs
  • Maintain and deliver on the security roadmap for each business, aligned to their risk assessment
  • Where needed, assist businesses with achieving accreditation and completing attestations (e.g. Cyber Essentials Plus, SOC 2 Type 2, ISO 27001, NYDFS 23 NYCRR Part 500)

Implement and manage technical controls (including but not limited to):

  • Deploy and manage tools as needed – utilising the Microsoft 365 suite of products as far as possible
  • Support the end-user computing team, to ensure that necessary controls are in place
  • Manage periodic access reviews, security awareness training, phishing simulations, and any other regular controls as needed. This may be undertaken in partnership with business team members, or it may need to be conducted in its entirety by the person in this role
  • Maintain and regularly review asset registers
  • Develop processes for and implement technology to support effective information management and governance

Manage vendors and teams:

  • Whilst this role has no internal direct reports, it is expected that this role will supervise an offshore partner team of specialists, as well as a collection of software and service vendors
  • Perform and maintain assessments of, and a register of current and potential vendors

Advocate and inform:

  • Promote a culture of strong information security - each business, in particular the leadership of each business should be kept aware of the cyber risks and regulations that may affect their business, and team members should look out for and check each other
  • Develop a governance program to manage any deviations (or requested deviations) from policy or standards


Manage incidents:

  • Develop and support business continuity and disaster recovery planning and execution
  • Ensure that appropriate monitoring and reporting is in place, and in the event of a cyber security incident, manage the incident response in line with agreed procedures


Documentation:

  • Develop SLAs and produce regular reporting as required by the group and by each business
  • Keep each business – and as required by regulation, their boards – informed on the security  program, and any threats and incidents related to that business
  • Ensure that documentation exists and is kept up-to-date for all security processes


Required Software 

Microsoft, Apple, Security-specfic software 

ISC2 or ISACA certifications and/or Microsoft Security Certifications advantageous

Work Experience

Strong, recent hands-on technical experience as well as demonstrable people management and vendor management experience



Competencies

Behavioural Competencies

  • Exceptional customer service, but able to resist where appropriate
  • Focus on governance and documentation
  • People and vendor management
  • Constantly striving to keep on top of cyber trends and topics
  • Desire to travel and spend time with people

Technical Competencies

  • Deep technical cybersecurity knowledge and expertise, both for cloud and on-premise
  • Zero Trust principles and practical implementation experience, including ZTNA
  • Strong Microsoft security tool implementation and administration experience, across M365 and Azure
  • Understanding of, and ability to implement Apple device security controls
  • Software development security (including OWASP, SCA, SAST, DAST, etc.)



Apply for this job
Powered by