IT Security and Risk Manager

The Davy Group is Ireland’s leading provider of wealth management, asset management, capital markets and financial advisory services. You can read more about our growing company here: www.davy.ie

We value our employees as much as our clients, and are committed to embracing diversity in all its forms recognising that the breadth of thought, perspective and experience that emerges from a diverse workforce is essential to deliver on our core values.

Our city centre location, free access to our onsite gym and fitness studio, and impressive social calendar are just some of the unique benefits our employees enjoy while working at Davy.

Performance related bonuses, generous pension contributions and investment into further education demonstrate the value we place in developing and rewarding our staff.

Davy. Making a difference that matters.

An opportunity has arisen for an IT Security and Risk Manager to join our Information Systems team. This is a senior role within the Information Systems leadership team. You will be responsible for leading the information security program to ensure that technology, applications, systems, infrastructure and processes are effectively protected.

Key Responsibilities:

• Lead the IT Information Security and Risk team
• Develop and enhance our information security management framework based on ISO27001 and the National Institute of Standards and Technology (NIST) Cybersecurity Frameworks.

• Develop, establish and maintain standards, procedures and guidelines to promote the security and uninterrupted operation of computer-based systems at Davy

• Develop & maintain our strategic work Programme to prioritise & co-ordinate Information Systems security related activities & initiatives

• Project management of key initiatives.

• Coordinate the IT Risk management processes and engagement with internal and external stakeholders.

• Maintain a strong ongoing awareness of external threats & ensure the associated risks are understood & highlighted for action within the Information Systems department.

• Function as an internal consulting resource on information security issues.

• Ensure appropriate control environment in place and effective assurance around the controls.

• Establish, maintain & report key Information Security, Risk & Control metrics on a regular basis.

• Contact point for internal & external audits of Information Systems function.

• Engage with audit & regulatory oversight bodies as part of periodic IT & business reviews.

• Be a key member of the organisations’ Information Security Governance committee

• Chair Davy Information Systems Patch Management & Change Advisory Board meetings.
• Comply with the Risk and Compliance frameworks, policies and procedures associated with the role
  

Requirements

• Relevant 3rd level Degree or Masters
  
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• A minimum of 10 years Information Security experience in a Financial Services Organisation.
• Experience dealing directly with external audit/regulatory oversight bodies
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
• Proven track record in managing & reporting IT risks
• Strong technical skills
• Broad knowledge of information technology security solutions
• Good knowledge of cloud-based application security models
• Strong experience in evaluating 3rd party solutions and managing the selection process
• Strong experience in managing 3rd party solution providers
• Excellent organisational, verbal & written communication skills;
• A proven record as a team player;
• An ability to work under pressure and prioritise workloads and achieve critical deadlines
• Strong troubleshooting & problem-solving skills;
• Proven ability of operating at a senior level
• Ability to communicate effectively with technical & business stakeholders