Cyber Security - ICT Security Risk Officer
Cyber Security - ICT Security Risk Officer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Title: Cyber Security Cyber Security Engineer
Location: Dublin 2 Full time role. Typical arrangement is 12 days in office attendance per week onsite as required
Contract / Permanent: FTC 12 Months With further extension
Start date: On or before 24/02/2025
Role:
Our client is looking to establish a cyber security posture management team including the role of Cybersecurity Risk Officer.
The Risk Officer role deals with trying to predict and manage Cybersecurity risk within the organisation. The tole is demanding and involves assessing the threats posed to Revenue from various sources and translating that into a model that can be used to efficiently direct resources and expenditure for maximum return.
The Responsibilities of the Role and the activities that will be required are:
Generate and maintain a threat actor assessment model
Identify Threat Actors and motivations to use as a template for risk profile assessment.
Apply these profiles to the risk model to provide a more complete risk assessment of identified threats.
Generate Maintain and assess Cybersecurity Incident Response plans based on threat scenarios
Preparing Incident documentation and procedures in anticipation of an incident.
Baseline scenario generation and assessment against the existing incident preparation material. Adding new scenarios and adapting as our status changes
Detect Assess and verify vulnerabilities in Revenue systems
Using penetration testing techniques to analyse Revenue web applications and internal systems
Reporting on findings and offering researched solution advice
Build and maintain a risk profile of Revenue systems to enable accurate risk assessment
The Risk Officer will lead a project to pull together information from relevant sources with the aim of building an accurate risk profile of Revenue systems and services. This risk profile will then be used to generate modified risk scores for CVEs as well as generate impact assessments.
The Risk Officer must build an indepth knowledge of Revenue systems and technologies in order to correctly model the environment. A strong technical understanding and applicable handson experience would be seen as an advantage.
SIEM management and orchestration including use case generation and vendor collaboration
Meet with SIEM vendor or vendors and service providers to ensure that use cases match our risk profile and to identify the optimum information resources for SIEM ingestion.
Revenue Risk Posture management (Risk and Vulnerability management)
Ownership and management of the Cybersecurity Risk and Vulnerability management process through its lifecycle.
Lead security resources in developing processes administration of the RVM reporting and coordination of risks to relevant stakeholders.
Project input
provide insight coordination and input into projects at project initiation/HLD stage. This will require an ability to read and review project plans and provide feedback or ask for clarifications.
Participate in projects that require security input and activities and provide support for other teams to ensure security by design principles are adhered to
Experience Level Required:
It is a mandatory requirement that the Resource proposed has the equivalent of 7 years of Cybersecurity experience with demonstrable focus on Risk assessment/Risk management
It is a mandatory requirement that the Resource proposed hold the following qualifications or equivalents:
A Professional qualification in a framework or standard that incorporates cybersecurity risk assessment.
A penetration testing qualification from a recognised vendor outside of college modules that form part of a larger qualification.
Key Deliverable:
The following nonexhaustive list of Key Deliverables are applicable to this Role.
Cyber Security Risk management by engaging with stakeholders through whichever medium is most appropriate
Design and management of a working vulnerability management process that improves communication of risks and makes identification of actions easier
Delivery of penetration testing on internal systems and applications as required. All tests must include a findings report and a followup with stakeholders to agree actions required for mitigation
Periodic reporting on Cyber Security Posture within Revenue
Develope and maintain a cybersecurity risk model that represents Revenue and its systems services and data.
Requirements
Key Experience/ Competencies/Skillsets:
The following Experience/Competencies/Skillsets are applicable to this Role.
1. Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector FinTech or Public Services organisation
2. Experience of penetration testing involving any or all of :
a. Web application (Java PHP Angular)
b. Infrastructure (network windows linux database)
c. API / Cloud (AWS GCP Azure)
3. Experience of the application of the MITRE Att&ck framework
4. Attack simulation and risk modelling
5. Report writing and delivery of results
6. Working as part of a team to deliver cross discipline projects
7. Experience of team leadership in a security environment
The following Experience/Competencies/Skillsets are applicable to this Role. 1. Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector, FinTech or Public Services organisation 2. Experience of penetration testing involving any or all of : a. Web application (Java, PHP, Angular) b. Infrastructure (network, windows, linux, database) c. API / Cloud (AWS, GCP, Azure) 3. Experience of the application of the MITRE Att&ck framework 4. Attack simulation and risk modelling 5. Report writing and delivery of results 6. Working as part of a team to deliver cross discipline projects 7. Experience of team leadership in a security environment
Education
It is a mandatory requirement, that the Resource proposed has the equivalent of 7 years of Cybersecurity experience with demonstrable focus on Risk assessment/Risk management It is a mandatory requirement, that the Resource proposed hold the following qualifications or equivalents: A Professional qualification in a framework or standard that incorporates cybersecurity risk assessment. A penetration testing qualification from a recognised vendor outside of college modules that form part of a
Employment Type
Full Time
