Contract Duration: Initial term of 12 months, with the possibility of successive 12‑month extensions, allowing for a total duration of up to 5 years.
Hybrid Model: Weekly 3 days on site + 2 days remote.
Client Overview
The Client is an independent statutory body established to improve the delivery of education services to persons with special educational needs, with a particular emphasis on children. It delivers services through its national network of Special Educational Needs Organisers, who interact with parents, schools, and the HSE to coordinate resources and supports.
Providing advice and information on special education to parents and schools
Allocating supports and coordinating local service delivery
Conducting research into special education
Advising the Minister for Education on special education policy
Role Overview
CLIENT seeks a qualified Cyber Security Engineer to strengthen cyber resilience, meet EU regulatory obligations, and support secure delivery of ICT services across on‑premises and cloud environments. The engagement must align with the NIS2 Directive risk‑management measures (including incident reporting and supply‑chain security) applicable to public administration and other regulated sectors.
Mandatory Requirements (Pass / Fail)
7+ years of relevant experience
Availability to start from 01/06/26
CEFR C2 Proficiency / Mastery in English (or equivalent; fluency will be assessed at presentation stage)
Key Deliverables
Design, implement, and operate technical and organisational security controls that satisfy ISO/IEC 27001:2022 (Annex A controls), the security of processing requirements in GDPR Article 32, and provide traceable mapping to recognised control catalogues (e.g., NIST SP 800‑53 Rev. 5).
Develop a Cyber Security Policy for CLIENT
Complete a full cyber security evaluation of all CLIENT systems and provide comprehensive recommendations
Scope of Services
Security Engineering & Architecture
Engineer and maintain controls across IAM, endpoint protection, network segmentation/zero trust, vulnerability & patch management, logging/monitoring, backup/restore, and secure configuration—mapped to ISO/IEC 27001:2022 Annex A (93 controls) and NIST SP 800‑53 Rev. 5 families.
Implement ISO 27001:2022 controls where applicable (e.g., threat intelligence, cloud use, ICT continuity readiness, configuration management, data deletion/masking, DLP, monitoring activities, web filtering, secure coding).
Apply safeguards to meet GDPR Art. 32—encryption/pseudonymisation, CIA + resilience, timely restoration, and periodic effectiveness testing.
Detection, Incident Response & Reporting
Establish and operate incident response procedures consistent with NIS2, cooperation with national CSIRTs / competent authorities, statutory reporting of significant incidents, and control families in NIST SP 800‑53 (IR, AU, SI).
Vulnerability & Patch Management
Run continuous vulnerability identification, risk‑based prioritisation, and remediation across OS, applications, and cloud/infrastructure; integrate with configuration / change management (ISO A.8.9; NIST CM/SI families).
Supply‑Chain Security
Conduct due diligence on direct suppliers / MSPs, enforce minimum control baselines in contracts (including incident cooperation and audit rights), and manage supplier risks—reflecting NIS2 emphasis on supply‑chain security.
Secure the use of cloud services per ISO 27001:2022 A.5.23 and implement GDPR Art. 32 safeguards for personal data (encryption at rest/in transit, key management, tested backup/restore, resilience).
Documentation & Assurance
Maintain Statement of Applicability (SoA), risk register, system security plans, runbooks, architectures, test evidence, metrics, and audit trails mapped to ISO 27001:2022 and NIST SP 800‑53; support internal / external audits and regulatory reviews.
Additional Deliverables
Security Architecture & Control Catalogue – target‑state designs and control mappings to ISO/IEC 27001:2022 Annex A (93) and NIST SP 800‑53; data flows, trust boundaries, baselines, and exceptions.
Operational Playbooks – incident response, vulnerability/patch, change & configuration, access reviews, backup/restore, monitoring & alerting, supplier due diligence, and cloud security playbooks aligned to NIS2 expectations.
Compliance Pack – updated SoA; evidence for GDPR Art. 32 safeguards; NIS2 readiness overview (risk‑management measures, incident procedures, supplier controls).
Security Metrics & Reports (Monthly / Quarterly) – KPIs: MTTR, patch SLA conformance, vulnerabilities by severity/age, phishing / testing outcomes, control effectiveness, supplier findings, incident metrics.
Role‑based technical training aligned to the European Cybersecurity Skills Framework (ECSF) and/or NICE for well‑defined work roles, tasks, knowledge, skills.
Requirements
Experience / Competencies / Skillsets applicable to this role.
Technical Experience
Implement NIS2 Directive risk‑management measures (governance, incident reporting, supply‑chain security, business continuity) and cooperate with national CSIRTs / competent authorities.
Implement ISO/IEC 27001:2022 – ISMS clauses 4–10 and Annex A control implementation/evidence.
Apply GDPR Art. 32 risk‑appropriate technical and organisational measures for security of processing.
Use NIST SP 800‑53 Rev. 5 as a reference catalogue for control design, mapping, and assurance.
Use ECSF for role/competency alignment and skills development tracking.
Additional Requirements
Hands‑on security engineering / operations in public sector or regulated EU environments, with ISO/IEC 27001:2022 control implementation and GDPR Art. 32 safeguards (5+ years desirable).
Demonstrable experience producing mappings to NIS2 risk‑management measures and NIST SP 800‑53 controls.
Designs, implements, and operates security controls, establishes guardrails and runbooks, and produces compliance evidence; collaborates with SecOps/Blue Team, Infrastructure, DevOps, Data Protection Officer, and suppliers (align to ECSF profiles; NICE roles may be referenced supplementary).
#J-18808-Ljbffr