Available for Work Visa Sponsorship:NO
Business Area:Cyber Security
Contract Type:Full-Time – Permanent
You will be a core member of a highly skilled and rapidly growing team of Technical Security specialists.
Your Key Responsibilities
Your role as a security architect will be to assist in establishing a target operating model for the security architecture function, defining requirements to establish a team to deliver security architecture design reviews through the lifecycle of complex global projects across a wide selection of technologies and platforms for our client’s IT and OT environments. Defining and establishing a team to secure enterprise information by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; and mentoring team members.
You will belong to an internationally connected team of specialists helping clients with their most complex cybersecurity needs and contributing toward their security posture and business resilience.
Knowledge and Skills for the role include
- Establish a Security Design Architecture function and Target Operating Model
- Develop security architecture charter inc. governance structure, roles and responsibilities
- Identify and document required processes for management of security architecture activities
- Identify required changes to current processes and practices (e.g. change management) to include future security architecture oversight
- Establish skills and training requirements for security architecture function, inc. roles and responsibilities and likely headcount requirements
- Support the design of the Cyber Risk Management function
- Adopt industry framework for cyber risk management (e.g. IS027K and NIST 800-30)
- Develop risk register and taxonomies, formalise risk profiling, rating and scoring metrics and ensure consistency with existing organisation risk definitions
- Develop risk intelligence plan inc. assessment criteria, process, questionnaire, etc…
- Define skills and training requirements for risk management personnel, inc. roles and responsibilities and likely headcount requirements
- Ability to take on responsibility for project security review reports and to follow these through to completion including liaising with security and project stakeholders and offer robust security posture advice and ensuring formal security approval of ‘go live’ scenarios.
- Ability to independently lead and support remote teams in performing complex architecture reviews in a variety of environments, liaising with several teams across different client sites
- Expert-level security knowledge in technical IT and OT domains - operating systems, networks, databases, mobile, cloud, SCADA, PLC understanding an advantage.
- Understanding and experience designing and implementing enterprise security and solution security architectures for large organisations leveraging frameworks such as SABSA and TOGAF
- Implementation of cybersecurity controls using industry-leading practices such as NIST CSF, NIST 800-53, OWASP, Centre for Internet Security (CIS), ISO 27001, COBIT etc
- Experience in maintaining compliance with regulations and standards such as NISD, GDPR, PCI-DSS etc in executing security architecture design reviews and advice, in addition to audit requirements and exacting reporting formats
- Experience in security vulnerability identification, application security remediation and threat modelling approaches such as cyber kill chain, STRIDE, exposure analysis etc
- An in-depth awareness and understanding of the cyber and business risks associated with the threat and vulnerability and penetration testing domain
- Requirement to stay up-to-date on current security threats, trends and control solutions
- Experience in preparing system security reports by collecting, analysing, and summarizing data and trends for project and operational and project governance reporting
- A consultative manner and customer facing skills with the ability to communicate with stakeholders at all levels and advise on best practices in the security domain
- Excellent communication and stakeholder management skills and ability to negotiate and manage expectations with business as well as technology stakeholders.
Experience and attributes for success:
:
- 5-10 years' experience working in cyber security technical roles advising on security controls design, implementation and testing on across various sectors
- Experience in ‘Big 4’ or similar consultancy experience in the Irish market
- Track record in supporting the delivery of a broad range of cyber security controls and projects in an Enterprise environment.
- Manufacturing, Government, Transport, Financial sector experience desirable
- Driven cyber security professional with a passion for information security and securing client infrastructures
- Strong analytical skills to solve technical issues and flexibility in handling multiple issues at once
You will also have focussed on some of these areas in the past:
- Establishing Application, Mobile, IoT, Cloud, Infrastructure and Network Security controls;
- Defining operational requirements to carry out reviews across infrastructure components including- Applications, Servers, Networks, Firewalls, Security Monitoring solutions, , etc
- Security Engineering and/or Architecture experience (SABSA an advantage)
- Specifying and performing vulnerability analysis and review pen test and scan results
Attributes:
- Excellent communication and project management skills (verbal and written),
- Excellent organisational and problem-solving skills in addition to strong attention to detail,
- Excellent working knowledge of Microsoft PowerPoint, Word, Excel and online research tools,
- Strong collaboration skills, ideally working with global and multi-functional teams.
- Ability to prioritise and work to tight deadlines and manage own caseload.
- The ability to learn quickly and to work well under pressure,
- The ability to listen attentively and express complex issues concisely to clients
- An enquiring mind, the tenacity to overcome technical challenges, and an ability to approach problems from different perspective
- Show leadership and motivate teams, including project management of consultancy projects
- Participate in implementation or deployment of new tools, processes and best-practices in order to improve knowledge sharing and to raise security level while promoting security awareness
Qualifications:
- Undergraduate or masters’ degree preferably in one of the following areas: Information Security, Cyber Security, Cloud Computing, Information Systems, Computer Science, Engineering, and/or other equivalent industry certification
- Industry-related certification preferred (e.g. CISSP, CISM, SANS, SABSA, TOGAF)
- IEC 62443 certification / experience and advantage.
We offer a competitive remuneration package. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
- Support and coaching from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
All our employees are given a benefits package which they can tailor to suit their individual preferences. Our range of benefits include:
- Pension
- Maternity & Paternity leave
- Discounted health insurance
- Bike to work Scheme
- Web Doctor - Free unlimited online GP consultations for you and your family
- Recognition Awards
- The purchase of additional annual leave
- Cash incentives for referrals
- Hybrid Working
- Work Mobile
- Free Gym membership ·
- TECH MBA paid by EY
- Travel Pass
- Wellness rooms Available in some offices
Career Progression
- When you join EY, you will be supported to ensure that you are enhancing your skills from day one.
- Continuous learning, where you can develop the mindset and skills to navigate whatever comes next.
- As you grow and develop here, you’ll discover opportunities to help customise your career journey, so that it’s as unique as you are - success is defined by you, we will provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership, we will give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture, you will be embraced for who you are and empowered to use your voice to help others find theirs.
- We have embraced Hybrid working at EY adding greater flexibility and autonomy to the roles of our employees.
Inclusion & Diversity
We hold a collective commitment to foster an environment where all differences are valued and respected, practices are equitable and everyone experiences a sense of belonging: Inclusion, diversity, and equity are part of who we are at EY. We believe that the highest-performing teams maximize the power of different perspectives and backgrounds. These teams are both diverse and inclusive and are willing to invite and learn from other perspectives. Our ability to include various viewpoints into our mindsets, behaviours and operations is fundamental to driving innovation, building strong relationships, and delivering the best solutions for our clients.
We recognise the strength that comes from having a diverse workforce and building a culture where we support all our people to achieve their potential. You’ll be embraced for who you are and empowered to use your voice to help others find theirs.