Penta Consulting
Information Security Officer (GRC)
Penta Consulting, Ireland, 17 days ago
Contract, Information Technology

Penta Consulting are a technology resource solutions provider to leading OEMs across the EMEA region.


We are currently supporting our leading client in Dublin, Ireland, in the search for a GRC Security Officer.


Please note this project will be 2 years in duration, offered as two 12-month contracts. On-site work in Dublin is required.


Security Officer – Governance, Risk & Compliance (GRC)

Role Purpose: Ensure ICT security governance, risk management, and compliance are implemented and maintained for transport-critical systems.

Key Deliverables:

• Develop and maintain security policies, standards, and procedures

• Manage Information Security Risk Register and conduct risk assessments

• Ensure compliance with ISO 27001, GDPR, PCI DSS, NIST

• Coordinate internal and external audits

• Support governance reporting to senior management

• Collaborate on Privacy by Design

• Monitor compliance using AI-driven analytics

• Promote security awareness


Experience

• 3+ years in ICT security roles with focus on GRC

• Experience in:

o Policy development

o Risk registers and assessments

o ISO 27001, GDPR, PCI DSS, NIST compliance

o TPRM supplier/vendor security assessments

• Familiarity with GRC tools and AI compliance monitoring


Competencies

• Strong analytical and reporting skills

• Excellent communication and stakeholder engagement

• Ability to prioritise and influence decision-making

• Knowledge of cybersecurity frameworks and threat intelligence

• Collaborative working


Skill Sets

• Risk management and compliance frameworks

• Policy development

• Data protection and privacy (GDPR)

• AI-based risk analytics

• Advanced MS Office


Required Certifications (Minimum One)

• CISSP or similar certification

• CISA, CRISC, or CGEIT

• CCSP (at least one onsite team member)

• CCNA, CCNP, CCIE, CompTIA Security+, CEH

• Microsoft certifications (MCP, MCSE, O365 Security & Compliance)


Additional Expertise

• ISO/IEC 270xx, ISO/IEC 3100x, PCI DSS, CIS Controls, NIST, CSA Cloud Security

• GDPR and Data Protection legislation

• SABSA, TOGAF, AWS/Azure/GCP security and architecture certifications

• Cloud Security (Azure AZ-900, AZ-500, AWS Security)
