Overview
Information Risk and Security Officer
Location: Leopardstown, Dublin 18
Position type: Permanent
Company Background
Ayvens is a leading provider of mobility services worldwide with 3.3 million vehicles under management. The Ayvens brand was launched in 2023, following the merger of the ALD and LeasePlan leasing groups to create a market leader in mobility. Ayvens is part of the Societe Generale Group. In Ireland Ayvens operates leasing and insurance units. Ayvens is seeking an Information Risk and Security Officer to oversee information security risk in its Irish units.
The Information Risk and Security Officer role forms part of the second line of defence Risk Function. The role is responsible for oversight of information security policies, standards and processes and for providing subject matter expertise and guidance on security risks, their assessment and relevant mitigating actions. The role will form part of the Risk Function and is a controlled function under the Central Bank of Ireland Fitness and Probity Standards.
Responsibilities
Defining and monitoring the implementation of policies on topics related to IT, information and cyber risks
* Align policies with local regulations, including DORA
* Oversee the implementation of the framework for managing IT, information, and cyber risks
* Oversee information risk management when undertaking projects and report as required
* Review and monitor training on IT, information and cyber risks
* Create awareness in the first line relating to information risk rules, policies and procedures
* Challenge and analyse systems for managing and monitoring IT, information and cyber risks
* Provide an opinion on implementation of policies, standards and procedures
* Lead the second-line role in relation to DORA and provide guidance on compliance
Contributing to ensuring the overall control of IT, information and cyber risks
* Challenge management decisions to ensure they are based on complete and transparent information
* Coordinate and monitor corrective action plans
* Coordinate and execute second-line oversight and challenge related to IT, information and cyber risks
* Oversee and report on the effectiveness of LOD1 controls and risk identification/measurement
* Monitor the quality of information risk assessments, vendor risk assessments and control testing
Risk identification and monitoring
* Challenge IT, information, and cyber risk indicators provided by LOD1
* Be the point of contact for topics related to IT, information, and cyber risk
* Assist in implementing information risk measures to ensure processes and controls are properly designed and effective
* Quality assure risk assessments to address Information Security risks and risk responses
* Carry out second-level control testing of controls performed by LOD1
* Develop and maintain the Information Security Risk monitoring plan
* Advise and support the LOD1
* Oversee and report on information security performance of outsourced service providers
Privacy second line oversight
* Carry out LOD2 activities as required by Group Data Privacy Policies
* Assist with data privacy assessments completed by 1LOD functions
* Assess, monitor and report on privacy and data protection risks and controls
* Create awareness in the first line relating to data privacy requirements and staff training
* Facilitate identification and management of risks in projects and processes
* Ensure data protection incidents are investigated, reported and resolved to minimise reputational risk
Reporting
* Report to Risk Committees regarding information risk as requested
* Build and maintain relationships with Group Risk, Group Information Security, Group IT, Group Privacy and program/project managers on information risk exposure and treatment
Skills and Qualifications
* University level education
* 3+ years of relevant experience
* CISSP and CISM (or equivalent) accreditation, or to be obtained within 1–2 years
* Up-to-date CPD for qualification held (where applicable)
* Background in Information Security with a strong affinity for IT
* Strong analytical skills and ability to identify vulnerabilities and propose controls
* Experience advising on data protection best practices
* Experience in a three lines of defense model
* Ability to develop and maintain stakeholder relationships
* Good communication and presentation skills; comfortable addressing varied audiences
* Fluent English (spoken and written)
Behavioural Competencies
* Critical but constructive mindset with independent analysis
* Pro-active and collaborative
* Asks for help when needed
* Eager to learn and adapt
* Provides advice aligned with business objectives
* Timely in managing stakeholder expectations
* Explains technical topics to diverse audiences
Ayvens is an equal opportunities employer.
Benefits
* Bonus
* Annual Leave
* Pension
* Some Working from Home
Employment details
* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Information Technology
* Industries: Computer and Network Security