Lead Security Engineer
Dublin (Hybrid)
Salary - Open
This role is responsible for ensuring that all the businesses across our portfolio have correct and appropriate security controls in place. Each business is at a different stage of maturity, and the nature of the role will differ by business. The person in this role will define and clearly articulate risk-based security requirements aligned with industry standards, develop roadmaps for their implementation, and lead the work to ensure that they are implemented. Some of this work may be conducted by others, some may be by the person in this role.
Job Description
Develop, implement, and maintain the cybersecurity program for each business:
- Conduct periodic risk assessments, aligned with industry standards
- Keep up to date with the needs of various regulatory bodies, and develop and maintain policies and procedures that meet those needs
- Maintain and deliver on the security roadmap for each business, aligned to their risk assessment
- Where needed, assist businesses with achieving accreditation and completing attestations (e.g. Cyber Essentials Plus, SOC 2 Type 2, ISO 27001, NYDFS 23 NYCRR Part 500)
Implement and manage technical controls (including but not limited to):
- Deploy and manage tools as needed – utilising the Microsoft 365 suite of products as far as possible
- Support the end-user computing team, to ensure that necessary controls are in place
- Manage periodic access reviews, security awareness training, phishing simulations, and any other regular controls as needed. This may be undertaken in partnership with business team members, or it may need to be conducted in its entirety by the person in this role
- Maintain and regularly review asset registers
- Develop processes for and implement technology to support effective information management and governance
Manage vendors and teams:
- Whilst this role has no internal direct reports, it is expected that this role will supervise an offshore partner team of specialists, as well as a collection of software and service vendors
- Perform and maintain assessments of, and a register of current and potential vendors
Advocate and inform:
- Promote a culture of strong information security - each business, in particular the leadership of each business should be kept aware of the cyber risks and regulations that may affect their business, and team members should look out for and check each other
- Develop a governance program to manage any deviations (or requested deviations) from policy or standards
Manage incidents:
- Develop and support business continuity and disaster recovery planning and execution
- Ensure that appropriate monitoring and reporting is in place, and in the event of a cyber security incident, manage the incident response in line with agreed procedures
Documentation:
- Develop SLAs and produce regular reporting as required by the group and by each business
- Keep each business – and as required by regulation, their boards – informed on the security program, and any threats and incidents related to that business
- Ensure that documentation exists and is kept up-to-date for all security processes
Required Software
Microsoft, Apple, Security-specfic software
ISC2 or ISACA certifications and/or Microsoft Security Certifications advantageous
Work Experience
Strong, recent hands-on technical experience as well as demonstrable people management and vendor management experience
Competencies
Behavioural Competencies
- Exceptional customer service, but able to resist where appropriate
- Focus on governance and documentation
- People and vendor management
- Constantly striving to keep on top of cyber trends and topics
- Desire to travel and spend time with people
Technical Competencies
- Deep technical cybersecurity knowledge and expertise, both for cloud and on-premise
- Zero Trust principles and practical implementation experience, including ZTNA
- Strong Microsoft security tool implementation and administration experience, across M365 and Azure
- Understanding of, and ability to implement Apple device security controls
- Software development security (including OWASP, SCA, SAST, DAST, etc.)