Information Security Officer

Information Security Officer

Salary: €79,162 - €103,925

Background

The role of Information Security Officer is an existing role in TII. Successful applicants can expect a challenging, diverse and progressive environment.

In any given year, TII is accountable for the management, oversight and delivery of a wide portfolio of projects, programmes and operations across Ireland’s national roads and light rail public transport networks. TII works with a wide range of third-party service providers in the delivery of its statutory functions.

As for most organisations, IT systems and information security are critical to TII operations. Cyber- attack and network/systems breaches have been identified as two of the key risks to TII at an enterprise level. With increased focus on risk management, data protection and IT security in the public sector and a continuously evolving compliance environment, the role of Information Security Officer is a key resource in the management of cyber risk and assists the organisation in achieving compliance and best practice in this area.

The successful candidate will be a member of TII’s Governance & Legal Team and, in collaboration with TII’s IT Team, will be responsible for further developing information security strategies, policies, controls and assessments and for planning cyber incident responses. The role provides assurance to TII’s Executive team, Board and Audit & Risk Committee on information security across the organisation.

Role and Responsibilities

· Ensure consistency of approach to Information Security across all of TII;

· Develop information security strategies, policies, controls and cyber incident response planning;

· Develop and manage enterprise-wide cyber security assurance programs covering both TII’s owned systems and infrastructure and services and solutions provided by third parties;

· Create and deliver enterprise-wide security training and awareness programs for TII staff and third parties;

· Reporting issues\concerns and progress to the Head of Governance and Legal;

· Deliver and maintain a security framework that supports compliance with the Public Sector Cyber Security Standards and the NIS2 Directive;

· Run exercises such as phishing simulations to assess the security awareness of TII’s user base;

· Work directly on information security issues within Divisions. In doing so he/she will need to work closely with the Corporate Risk Manager, Data Protection Officer and the Head of IT.

· Work with relevant contract managers to assist and advise on appropriate levels of as-surance in information security reporting by third parties;

· Work with internal teams to ensure appropriate contractual requirements regarding Information Security is provided for all employees and third parties

· Review investigations after breaches or incidents, including impact analysis and recom-mendations for avoiding similar vulnerabilities;

· Where necessary, brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget; and

· Attend, as required, Board/Audit and Risk Committee meetings to provide relevant up-dates on issues of Information Security and chair the Cyber Security Committee;

· Network with other Public Sector Agencies or groups to keep abreast of developments and initiatives relating to cybersecurity.

· Undertaking such tasks and duties as may be assigned appropriate to the grade.

All of the divisions within TII have inter-dependant responsibilities and close cooperation and teamwork is required across the organisation.

Note: The functions and responsibilities assigned to this position are based on the current stated role and may be changed from time to time. The person appointed will be required to demonstrate the flexibility necessary to fulfil other roles and responsibilities at a similar grade within TII and may be assigned to other such roles as business needs arise.

ESSENTIAL REQUIREMENTS

Character

Each candidate must be of good character.

Health

A candidate for and any person holding the role must be fully competent and capable of undertaking duties attached to the role and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.

Education & Experience

The successful candidate will be required to demonstrate the key competencies for a Grade 1 position, as well as the following job specific requirements:

· A third level qualification (NFQ Level 8 or equivalent) in Engineering, Mathematics, Computer Science, Information Systems or other related discipline deemed relevant to the role.

· 7 years’ experience working in an IT related role of which 3 years must be information security related.

· Experience of working with an Information Security standard such as ISO 27001/02 or the NIST Framework

· Previous exposure to a wide range of technologies including the following

o Anti-virus\Malware Protection

o Active Directory and Azure Active Directory

o Mobile Device Management

o Wireless Technologies

o Cloud Services such as AWS and Azure

o Firewalls

o Network Traffic Monitoring and Intrusion Detection\Prevention

o Vulnerability scanning and Penetration Testing tools

· Effective decision maker and ability to work on own initiative

· Experience developing and / or delivering information security training programs

· Proven leadership skills and effective people and relationship management ability

· Good report writing skills

· Excellent communication skills, both written and oral

· Fluency in the English language, both written and oral

Desirable although not essential

· A current specific Security Certification such as Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).

Note:

In order to assure the shortlisting panel that you satisfy these requirements you must explicitly reference how you meet the requirements in your application. Failure to demonstrate these may prevent your application progressing to future shortlisting stages.

Candidates who come under consideration following the final selection stage will be required to provide documentary evidence of their eligibility, including qualifications and evidence of fluency in the English language.

Candidates who are unable to show that they hold the required qualifications may be withdrawn from the competition at any stage. An invitation to interview or any element of the selection process is not acceptance of eligibility.

To apply for, or to locate further information on, these posts please visit our website: https://www.tii.ie/careers/

The closing date for applications is 12pm Thursday 13th March at 12pm.

Transport Infrastructure Ireland is committed to a policy of equal opportunity.