IMI CIB - ISPIRE - Information Security Officer


Date: Apr 18, 2024

Location: Dublin, IE

Company: Intesa Sanpaolo Group

 

Intesa Sanpaolo is the leading banking group in Italy. Serving more than 14.6 million retail customers through a network of 5360 branches, it significantly supports the development of companies and makes an important contribution to the country's growth. The Group has a selected retail banking presence in Central and Eastern Europe, the Middle East and North Africa, with approximately 1,000 branches and 7.2 million customers in 12 countries. Intesa Sanpaolo is also present in 25 countries in support of its corporate customers’ cross-border business. It is looking for new qualified candidates who want to take on a demanding and challenging career path, with the following requirements:

Scope and Purpose

 

The Information Security Officer (ISO) spearheads the Information Security and Business Continuity efforts for the Bank, ensuring that local information security activities align with the Group Security Plan.
The ISO collaborates closely with Head Office to guide the planning, development, implementation, and monitoring of information security for the bank's enterprise information systems.
Additionally, the ISO is responsible for developing and implementing security training and awareness programs to educate employees about the importance of information security, as well as business requirements and solutions related to cybersecurity.
Specific Accountabilities:

  • Oversight and Reporting: Responsible for overseeing the state of information security and business continuity across the bank, providing periodic reports to the local Board of Directors and Group Head Office.
  • Business Continuity Management: Ensure the local execution of Business Continuity activities, including periodic Business Impact Analysis, BCM testing, and reporting, in alignment with the Group model.
  • Policy Development and Implementation: Develop, adopt, and periodically update local cybersecurity and business continuity policies, rules, processes, and procedures in alignment with the Head Office's regulatory framework while also satisfying Irish regulatory requirements.
  • Third Party Security Management: Lead third-party information security management activities. This requires guiding and supporting the bank's departmental heads in the selection of third-party service providers, ensuring that these choices align with the organisation's information security standards and local regulatory requirements.
  • Incident Response: The ISO is responsible for the development, annual review and periodic update of local incident response policy, process and procedures, which must align with Head Office's group requirements and concurrently satisfy Irish regulatory requirements.
  • Information Security Training: Direct responsibility for the local Information Security Training Program, providing regular, ad hoc training and awareness for bank staff on information security best practice and raising awareness of current threats.
  • Strategic Collaboration: Work strategically with the Head Office to monitor all aspects of information security and cybersecurity, ensuring professional coordination of security projects and tasks.
  • Continuous Monitoring: Perform continuous monitoring of Information Security and Cybersecurity programs to ensure compliance with objectives, policies, and procedures.
  • Regulatory and Threat Landscape Evaluation: Identify changes in local regulations which are relevant to the bank and maintain a proactive awareness of changes in the Information Security and Cybersecurity threat landscape, while concurrently assessing new security products, attack vectors, and countermeasures.
  • Security Objectives Coordination: Work with information owners in business units to determine appropriate security objectives for resources.
  • Access Control and Compliance: Monitor the access control program, ensuring proper documentation and compliance with account management and password requirements.
     

Required Experience

 

  • Minimum 5 years’ experience of Information Security management and Business Continuity management activities.

Required Qualifications, Skills and Knowledge

 

  • Bachelor's degree in Computer Science, Information Technology or relevant technical field
  • Experience leading, implementing and driving a third-party security management programme
  • Experience of developing and applying a controls environment based upon the NIST Cyber Security Framework across an organisation
  • Experience in developing and delivering Information Security and Cybersecurity awareness programs
  • Experience in information security risk classification / management
  • Experience in information security incident response activities
  • Master’s degree in appropriate technical area (Information Technology / Information Security)
  • Preferably a Certified Information Security Manager (CISM)
  • Preferable to have experience working in a financial organisation and an understanding of financial processes.

 

Everyone is an asset for our Group and that person could be you! Check out our job opportunities, apply and join our team!
