Location: Cork (Hybrid) | Duration: 12 Months
Role Purpose
To support the Information Security & Privacy team in managing IT risk, ensuring regulatory compliance (including NIS2, GDPR, and AI regulations), and maintaining a robust third-party governance framework.
Core Responsibilities
Third-Party & Supplier Risk: Maintain and mature the third-party governance framework, review assessment questionnaires (DPIAs), and coordinate with business owners for onsite audits.
Risk Management: Manage the execution of the Risk Working Committee (RWC); ensure IT risks are captured, logged, and mitigated through stakeholder engagement.
Security Awareness: Lead the day-to-day execution of phishing campaigns, corrective actions, and employee security training and announcements.
Incident & Compliance: Manage daily incident reporting for IT risks and GDPR breach notifications. Support the wider team during active security incidents.
Audit & Controls: Execute scheduled governance reviews, assist with audits, and review documentation to ensure compliance with security policies.
Advisory & Admin: Provide security and data protection advice for internal projects and manage daily administrative tasks, including the GRC mailbox and MI reporting.
Key Requirements
Experience: Previous exposure to GRC, IT Audit, or Data Protection.
Regulatory Knowledge: Familiarity with GDPR, NIS2, and evolving AI compliance standards.
Skills: Ability to maintain policies/procedures, produce management information (MI), and track risk registers.
Attributes: Highly organized with the ability to manage multiple operational "day-to-day" streams effectively.
Working Pattern
Hybrid: A balanced split between the Cork office and remote work.