**Cork or Dublin based** Hybrid- 2 days office ** Permanent Role**
The Role:
Based in Cork or Dublin and reporting to the Cyber Security Manager, RVM Lead role leads the enterprise-wide Threat and Vulnerability Management (TVM) programme, ensuring proactive identification, assessment, prioritisation, and remediation of cyber risks across IT, OT, and cloud environments. The Risk and Vulnerability Management Lead drives continuous improvement in risk posture through advanced threat hunting, security assessments, cyber threat intelligence integration, attack surface management, insider threat detection, incident response readiness, and robust reporting and metrics. Acting as the subject matter expert for vulnerability management and cyber resilience, the role collaborates with technical and business stakeholders to safeguard critical assets and enable secure business operations.
Duties and Responsibilities:
Threat & Vulnerability Management (TVM)
* Lead the design, implementation, and operation of the TVM programme, covering IT, OT, and cloud environments
* Oversee vulnerability scanning, detection, classification, and assessment using industry-standard tools (e.g., Qualys, Tenable, Rapid7)
* Ensure risk-based prioritisation of vulnerabilities using CVSS, asset criticality, and real-time threat intelligence
* Drive remediation planning and execution, including emergency patching and coordination with system/application owners
* Maintain comprehensive vulnerability reporting, dashboards, and historical trend analysis for stakeholders.
* Lead vendor relationship and performance management for the
TVM managed service
, ensuring quality standards, and integration with internal workflows.
Threat Hunting & Security Assessments
* Conduct proactive
threat hunting
across enterprise telemetry (EDR, SIEM, network, cloud) to identify emerging risks and suspicious activity
* Lead and coordinate
security assessments
, including penetration testing, red and blue team exercises, and regulatory reviews
* Integrate findings from threat hunting and assessments into the TVM and incident response processes.
Cyber Threat Intelligence (CTI)
* Ingest, analyse, and operationalise
cyber threat intelligence
feeds to contextualise vulnerabilities and inform risk decisions
* Monitor the
global threat landscape
for new vulnerabilities, attack patterns, and threat actor behaviours
* Participate in industry threat intelligence sharing communities (e.g., ISACs) and collaborate with trusted partners.
Attack Surface Management
* Map and continuously monitor GNI attack surface, including external exposures, cloud assets, and third-party connections
* Identify and assess changes in the attack surface structure resulting from new deployments, data or information flow integrations, or business initiatives
* Recommend and implement controls to reduce exposure and harden critical assets.
Insider Threat Detection
* Develop and maintain insider threat detection capabilities, leveraging behavioural analytics, DLP, and SIEM integrations
* Investigate anomalous activity and coordinate with HR, legal, and compliance teams as required
Incident Response Readiness
* Ensure TVM processes are tightly integrated with incident response playbooks and workflows
* Lead vulnerability-driven incident investigations and coordinate rapid containment and remediation actions
* Conduct post-incident reviews and root cause analyses, integrating lessons learned into continuous improvement.
Cloud & Third-Party Risk Assessment (TPRA)
* Oversee vulnerability management and risk assessments for cloud platforms (Azure, AWS, GCP) and SaaS applications
* Support third-party risk assessments (lead by Information Security team), ensuring vendors and partners meet enterprise security requirements
* Integrate cloud and third-party risk assessment findings into overall risk posture and reporting.
Reporting & Metrics
* Develop and maintain executive dashboards and detailed reports on vulnerability status, remediation progress, risk trends, and security posture
* Track and report key TVM/RVM metrics with overall risk reduction over time
* Present findings and recommendations to senior management, board, and regulatory bodies as required.
Mentorship & Collaboration
* Guide junior analysts in advanced threat and vulnerability management practices, while partnering with architects, project teams, and OT stakeholders to ensure robust cyber risk mitigation across IT, OT, and cloud environments.
Knowledge, Skills and Experience:
* Degree in Information Security, IT, or related discipline; advanced degree or certifications (CISSP, CISM, CEH, GIAC) preferred
* 5+ years' experience in cyber risk, vulnerability management, or security operations, with demonstrable leadership in TVM programmes
* Hands-on expertise with vulnerability scanning tools (Qualys, Tenable, Rapid7), SIEM, EDR, and threat intelligence platforms
* Strong understanding of CVSS scoring, exploitability, risk prioritisation, and regulatory frameworks (NIST, ISO, GDPR)
* Capacity to assess risk scenarios, prioritise actions, and propose pragmatic solutions under pressure is essential
* Experience with cloud security, third-party risk assessment, and incident response
* Ability to balance tactical remediation with long-term risk reduction and continuous improvement.
* Excellent communication, stakeholder management, and reporting skills.
* CISSP, CISM, CEH, GIAC (GCIH, GSEC), CompTIA Security+, Azure/AWS/GCP Security Specialist advantageous.
Applications, including current Curriculum Vitae, should be emailed to the following address stating the job title and reference number in the subject line of your email:
The closing date for receipt of applications for this vacancy is the
5 January 2026.
Please note that applications submitted after this closing date will not be accepted.
Gas Networks Ireland is an equal opportunities employer
We are committed to providing a diverse and inclusive place of work and have a robust strategy and framework called ibelong to enable this. We are an equal opportunity employer and through our recruitment process we welcome and encourage applications from interested and suitably qualified individuals regardless of gender, age, racial or ethnic origin, membership of the traveller community, religion or beliefs, family or civil status, sexual orientation/gender identity or disability.
GNI will only hold your data for as long as necessary. By providing a CV to GNI you are agreeing for GNI to process this information about you. If you have any question about how GNI processes your data, please see our
Privacy Notice
. If you have further questions, you can contact us