Information Security, Risk & Compliance Officer
This dynamic role focuses on delivering robust security and compliance strategies to safeguard Glanbia Nutritionals' critical systems, data, and technologies.
The Information Security, Risk & Compliance Officer is a senior IT leader who advises the Chief Digital Transformation Officer (CDTO) on information security, risk, and compliance matters. They are responsible for defining and executing the organisation's security strategy, ensuring regulatory compliance while mitigating emerging threats.
Key Responsibilities:
1. Develop and implement an enterprise-wide security strategy aligned with business goals and regulatory requirements.
2. Lead risk management and compliance programs to proactively identify, assess, and mitigate risks to the business.
3. Monitor security controls that safeguard information assets, systems, data, and technologies.
4. Develop, maintain, and enforce Information Security policies and standards in line with regulatory obligations, strategic goals, and security risk objectives.
5. Lead security incident response efforts and ensure timely resolution of security incidents and breaches.
6. Define security architecture principles and guardrails for secure IT service design, implementation, and management.
7. Conduct information security assessments and develop action plans, communicating findings to the Business C-Suite and IT Leadership.
8. Lead Information Security awareness initiatives and advise the executive team on information security, risk, and compliance topics.
9. Manage information security, risk, and compliance talent, maintaining a structure to attract, develop, and retain top talent in this area.
10. Lead business continuity planning to ensure resilience during disruptions.
Requirements:
1. Bachelor's or Master's degree in a relevant field (e.g., Information Security, Risk Management, Computer Science, Information Technology), or equivalent experience.
2. Professional certifications in Security and Risk & Compliance domains (e.g., CISSP, CISM, CRISC) are highly desirable.
3. 10+ years of experience in defining and maintaining enterprise security strategy, aligning cybersecurity initiatives with business and IT objectives.
4. Proven experience in selecting and managing strategic IT and security vendors.
5. Strong background in security architecture, monitoring, and operations (including threat intelligence and incident response).
6. Experience implementing recognised Information Security frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
7. Experience developing and maintaining security controls for Operational Technology (OT) and manufacturing environments.
8. Proven ability to build IT risk management frameworks and lead regulatory compliance activities.
9. Adept at communicating complex technical ideas to C-Suite executives.