Senior Information Security GRC, Architecture and Threat Analyst Ireland, Leinster
Senior Information Security GRC, Architecture and Threat Analyst
The purpose of the role is to ensure that existing and new services are securely implemented through the selection and use of appropriate controls and supporting processes. This position has responsibility for the development, maintenance, and ongoing improvement in the areas of Information Security Governance, Risk, Compliance and Security Architecture. This is a wide-ranging role covering multiple areas of Information Security.
This role is based in Dublin.
- Assist with development of governance and compliance processes to provide oversight and reporting on key controls and risk measures.
- Proactively investigate and research new threats to the organisation and propose solutions/actions to mitigate.
- Identify cybersecurity trends with regards to adversary tactics/methodologies, and techniques that could impact the organisation.
- Provide expert guidance on vulnerability mitigation strategies as part of our vulnerability management processes.
- Develop and maintain security standards, policies, and processes to support the overall Security Strategy and associated frameworks.
- Conduct information security architecture and security control reviews to address the current and emerging information security and compliance requirements of the organization.
- Provide Level 3 support for security incidents and associated events that may arise out of SIEM alerting and other sources.
- Assist with the implementation of frameworks to measure security controls to ensure they are operating as needed, any deviations are known and resolved, improvements identified and implemented.
- Develop and prepare KPIs and KRIs to measure security controls effectiveness.
- Provide expertise, direction and guidance to operations teams when defining security controls to meet existing and future needs and in response to the changing threat landscape.
- Work collaboratively across multiple teams to ensure security controls are developed accordingly, working as designed and operating correctly.
- Assist with Security Architecture reviews and Threat Assessments against new and existing applications and services.
- Assist with security risk assessments and provide input into security and risk mitigation strategies.
- Support both internal and external audits as they arise as well as conduct reviews as required under the 3rd Party Supplier Risk Framework.
- BSc in Computer Science or similar subject area.
- 5+ years experience in Information Security with a particular focus on GRC, Security Architecture, Threat Intelligence, Threat Modelling and Threat Assessments.
- Strong knowledge of Security Architecture and Zero Trust principles.
- Strong knowledge of conducting Security Threat, Vulnerability and Risk Assessments.
- Strong Knowledge of Cloud Security, Architecture, Governance and Compliance controls and processes.
- Good knowledge of the Mitre ATT@CK framework and protection strategies, advising on implementation of detection and prevention controls where possible.
- Good knowledge of frameworks and standards such as NIST, CIS, PCI-DSS, ISO27001:2013, PSD2.
- Good knowledge of security best practices in the SDLC and experience of implementing controls for same.
- Knowledge of working with DevOps practices in the areas of Security Governance, Risk, Automation, Collaboration, Compliance) is advantageous.
- Background working in Financial Services will be considered an advantage.
- Relevant professional certifications a distinct advantage such as CISSP, ISSAP, CISA, CRISC, CISM, CGEIT.