Information Security Officer

Our client, a well-established organisation operating in a regulated financial services environment, is seeking a skilled Information Security Officer to join their Risk Function on a permanent basis. This is a key role that offers strategic oversight and governance across cyber, IT, and information risk domains. The position is based in Leopardstown, Dublin 18, with a hybrid working model available.

Role Overview

As part of the second line of defence, the Information Security Officer will be responsible for overseeing the organisation’s information and cyber risk management framework. The role involves defining policies, guiding risk assessments, supporting regulatory compliance, and providing subject matter expertise across key business areas.

This role constitutes a controlled function under the Central Bank of Ireland’s Fitness and Probity Standards.

Key Responsibilities

• Define and monitor the implementation of IT, information, and cyber risk policies.
• Ensure alignment with relevant regulatory requirements, including DORA.
• Provide second-line oversight on IT, information, and cyber risk controls across the organisation.
• Review and challenge first-line risk assessments, control testing, and remediation plans.
• Lead awareness initiatives and training on cyber and data privacy risks.
• Conduct second-line testing to verify the adequacy of first-line controls and risk responses.
• Oversee the performance and assurance of third-party providers from an information security perspective.
• Contribute to privacy oversight activities, including assessments and incident response.
• Report regularly to Risk Committees and other governance forums.

Candidate Profile

• Minimum of 3 years of relevant experience in Information Security or Operational Risk.
• Strong understanding of regulatory frameworks and the three lines of defence model.
• Professional certifications such as CISSP, CISM, or equivalent (or actively working toward).
• In-depth knowledge of IT and cyber risk, security best practices, and data protection principles.
• Experience advising on GDPR and data privacy-related controls.
• Strong communication and stakeholder engagement skills across senior levels.