Get AI-powered advice on this job and more exclusive features.
Ayvens is a leading provider of mobility services worldwide with 3.3 million vehicles under management. The Ayvens brand was launched in 2023, following the merger of the ALD and LeasePlan leasing groups to create a market leader in mobility. Ayvens is part of the Societe Generale Group.
In Ireland Ayvens operates leasing and insurance units. Ayvens is seeking an Information Risk & Security Officer to oversee information security risk in its Irish units.
Job Purpose and Reporting Line
The Information Risk & Security Officer role forms part of the second line of defense Risk Function. The role is responsible for oversight of information security policies, standards and processes and for providing subject matter expertise and guidance on security risks, their assessment and relevant mitigating actions. The Information Risk & Security Officer role will form part of the Risk Function.
This position constitutes a controlled function under the Central Bank of Ireland Fitness and Probity Standards and the role is subject to approval pursuant to such Standards.
Scope of Responsibilities
The Information Risk & Security Officer is responsible for:
Defining and monitoring the implementation of policies on topics related to IT, information and cyber risks.
* Align policies with local regulations, including DORA.
* Oversee the implementation of the framework for managing IT, information, and cyber risks.
* Oversee information risk management when undertaking projects and report as required,
* Review and monitor training on IT, information and cyber risks,
* Create awareness in the first line relating to information risk rules, policies and procedures,
* Challenge and analyse systems for managing and monitoring IT, information and cyber risks.
* Provide an opinion on implementation of policies, standards and procedures.
* Leading the second-line role in relation to DORA and providing guidance, advice and challenge in relation to compliance with same.
Contributing to ensuring the overall control of IT, information and cyber risks
* As an independent critical mind, challenge decisions of management of the business, ensuring these are based on complete and transparent information,
* Take part in coordinating and monitoring corrective action plans,
* Coordinate and execute second line oversight and challenge in relation to IT, information and cyber risks,
* Continuously oversee and report on the effectiveness of LOD1 controls and the adequate identification and measurement of risks,
* Monitor the quality of information risk assessments, vendor risk assessments and the quality of control testing.
Risk identification and monitoring
* Challenge IT, information, and cyber risks indicators provided by LOD1
* Be the point of contact for all topics related to IT, information, and cyber risk.
* Challenge and assist in the implementation of the information risk management measures to ensure that the processes and controls in place in the LOD1 are properly designed and effective
* Challenge and quality assure risk assessments by the business, to ensure they sufficiently address relevant Information Security risks and risk responses (including risk acceptance).
* Carry-out second-level control testing to verify the adequacy and effectiveness of controls performed by LOD1
* Develop and maintain the Information Security Risk monitoring plan including thematic reviews of the information risk framework
* Advise and support the LOD1
* Oversee, challenge and report on the Information Security performance of outsourced service providers through review of assurance reporting.
Privacy second line oversight
* Carry out LOD2 activities as required by Group Data Privacy Policies.
* Challenge and assist in relation to data privacy assessments completed by 1LOD functions.
* Assess, monitor and report on privacy and data protection risks and the effectiveness of controls in relation to new/existing products, systems and processes etc.
* Create awareness in the first line relating to data privacy requirements, policies and procedures and assist with staff training on data privacy topics.
* Facilitate the identification and management of potential situations and/or risks in projects and processes
* Ensure data protection incidents are properly identified, investigated, reported and resolved, taking measures to prevent them from happening again, with the aim of minimizing the occurrence of situations that jeopardize Ayvens reputation
Reporting
* Report to the Risk Committees and other committees regarding information risk as requested. Build and maintain relationships with Group Risk, Group Information Security, the Group IT organization, the Group Privacy function and program/project managers on their Information risk exposure, appetite and treatment.
Skills required
* University level education
* 3+ years of relevant experience.
* CISSP and CISM (or equivalent) accredited or obtain these in the short-term (1-2 years).
* Up to date CPD for qualification held (where applicable)
* A background in Information Security and a strong affinity with IT is preferred.
* Strong analytical skills. You will need to be able to quickly get to the bottom of the most important vulnerabilities, threats, and potential controls.
* Experience in providing advice on data protection best practices
* Previous experience of working within the three lines of defense model
* Ability to develop and maintain valuable stakeholder relationships
* Good communication and presentation skills. Comfortable and experience in addressing groups, subject matter experts and middle / senior / top level management. Know when to listen.
* English (fluent, spoken and written)
* Critical but constructive mindset, forming your own opinion based on your own analysis and observations.
* Pro-active.
* Ask for help when needed.
* Eager to explore and learn new things.
* Give advice with the business objectives always in mind.
* Timely manage stakeholder expectations.
* Uses a creative approach to explain technical topics to various types of audience
Under group polices, the role forms the second-line information risk function and second-line privacy function.
Seniority level
* Seniority level
Mid-Senior level
Employment type
* Employment type
Full-time
Job function
* Job function
Information Technology and Other
* Industries
Insurance and Financial Services
Referrals increase your chances of interviewing at Ayvens by 2x
Get notified about new Information Security Officer jobs in Dublin, County Dublin, Ireland.
Chief Information and Security Officer (CISO)
Dublin, County Dublin, Ireland 4 days ago
Information Security Officer EMEA-Global Security and Risk Management, Ireland
Dublin, County Dublin, Ireland 3 weeks ago
Information Security and ISO 27001 Consultant
Dublin, County Dublin, Ireland 1 week ago
Bluebell, County Dublin, Ireland 2 hours ago
Dublin, County Dublin, Ireland €150,000.00-€170,000.00 2 weeks ago
Audit Manager - Information Security and Risk Management
Dublin, County Dublin, Ireland 4 days ago
Senior Information Technology Security Officer
Dublin, County Dublin, Ireland 1 week ago
€23.90 PH* - Data Centre Security Officer - Grangecastle
Lucan and Pettycanon, South Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland €100,000.00-€150,000.00 3 weeks ago
Audit Manager - Information Security and Risk Management
Dublin, County Dublin, Ireland 4 days ago
Dublin, County Dublin, Ireland 1 week ago
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 2 weeks ago
Cybersecurity Architecture Senior Manager
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 7 hours ago
Dublin, County Dublin, Ireland 6 days ago
Dublin, County Dublin, Ireland 31 minutes ago
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 4 weeks ago
Dublin, County Dublin, Ireland 2 weeks ago
Dublin, County Dublin, Ireland 3 weeks ago
Dublin, County Dublin, Ireland 1 week ago
Regional Chief Information Officer (PCF-49)
Dublin, County Dublin, Ireland 1 week ago
Dublin, County Dublin, Ireland 1 week ago
Dublin, County Dublin, Ireland 6 days ago
Dublin, County Dublin, Ireland 1 week ago
Senior Systems Administrator - Dublin - 144801
Dublin, County Dublin, Ireland 2 weeks ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr