Information Security & Project Support. Mid-East. Irlanda

Role Objective

The Information Security Engineer will be responsible for the planning, deployment, and delivery of security measures to protect the Coillte’s networks, systems, and applications and ensure the

appropriate controls are in place to protect business information and data from unauthorized access, deliberate attack, theft and corruption. This will also include the ongoing management, monitoring, audit and reporting on the various Information Security controls.

Responsibilities

ecurity Governance & Standards

• Assist with formulating and implementation of Information Security policies, and to manage and

maintain the Information Security Management System (ISMS)

• Assist with development of relevant BCP plans for IT & business from an Information Security

perspective.

Security Operations

• Responsible for configuring & deployment of a variety of security technologies to monitor and respond to current and emerging cyber threats.

• Help to detect and prevent cyber-attacks which includes working hand in hand with Coillte’s Security Operations Centre (SOC) team and other associated Security Partners as appropriate.

• Develop & monitor Key Risk Indicators (KRI) & Key Performance Indicators (KPI), relating to the information security controls of the business.

Security Incident Management

• Ownership & management of the Information Security Incident Management Process.

• Support the management and reporting of incidents & any follow-up actions, agreeing the required actions & ensuring that all required actions are carried out as required.

• Ensure that Security Incidents managed & closed out as required including escalation of incidents as appropriate within agreed timeframes.

Cyber Risk Management

• Oversight & reporting on all risks pertaining to information security, including all forms of cyber risk & all risks relating to the protection of personal data throughout the business.

• Conduct Data Protection Impact Assessments (DPIA) to identify risks arising out of the processing of personal data demonstrating compliance with current GDPR and other associated data protection

laws.

• Assist in the assessment of risk to the security of information, assets, and personnel.

Customer Information Security Management & Training

• Engage with business units to help and guide them in their decision making with respect to Information Security elements of the product/service design.

• Support Digital Subject Access Requests (DSAR), Freedom of Information (FOI) and any other requests for sensitive personal and business data as required by the public or internal business

units.

• Support the ICT Disaster Recovery (DR)/Business Continuity processes for the various business units.

• Provide information security awareness, education, and training.

ICT Technical Services Project Delivery

• Participate in various support/delivery roles on a range of ICT infrastructure projects as appropriate