IT Security

Responsibilities

Essential Duties:

Develop a divisional information security vision and strategy aligned to Kingspan Group organizational priorities, enabling, and facilitating the organization's business objectives and ensuring senior stakeholder buy-in and mandate. Build and develop a team of IT Security experts. Ensure Divisional Security is managed to and compliant with the Kingspan IT Manual Lead the Divisional IT Security Governance & Compliance and Lead the recurring Internal IT General Controls and Cyber Security Audits In Collaboration with other Kingspan global teams, Develop, Maintain the Divisional Cyber Security Incident Response Plan Lead Conduct recurring Tabletop Reviews of the Divisional Cyb3er Security Incident Response Plan Lead the activities of threat response and vulnerability management, identify risk plans, and recommend remediation plans. Lead the information security function across the Division to ensure consistent and high-quality information security knowledge and management to support the business goals. Provide regular reporting on the status of the information security program to senior business leaders and Divisional Leadership as part of a strategic enterprise risk management program, thus supporting business outcomes. Work with the vendor management teams to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the Security and Data Governance Programs, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels. Create and manage a targeted information security awareness program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences. Manage the budget for the function, monitoring and reporting discrepancies. Partner closely with business and executive leadership to ensure that all applications and platforms are developed with security in mind and that appropriate security controls have been implemented while driving continuous investment into the Cyber security areas.

Qualifications

The Manager of Security & Data Governance should have:

A technical background with a strong understanding of cloud and network security architecture. Demonstrates a deep understanding of leading-edge security tools and technologies in the marketplace. Excellent analytical skills to analyze security requirements on a divisional scale and relate them to appropriate security controls. Experience with Data Governance, including Data Classification, Data Discovery, Data Security, Data Retention and Data Loss Prevention (DLP) Experience developing people and cyber security teams. 15 years IT experience with at least five of those years working in an IT Security role in a technical senior, supervisory or managerial capacity. Experience with information security management frameworks such as: National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), International Standards Organization (ISO) 27001 and other leading-edge frameworks. Previous experience with designing IT Security architecture in a large-scale Enterprise, technologies included: Cloud security, network security, OT security, application security and endpoint security. Experience in developing and execution of enterprise scale cyber security strategy ensuring alignment to overall business strategy. Experience in performing risk, vulnerability, business impact assessments and in defining remediation strategies. Experience developing and implementing policies, procedures and guidelines. Solid understanding of project management principles. Ability to translate understanding of the organization’s goals and objectives into technology requirements. Experience working in manufacturing, or similar industry is advantageous.

This job description indicates the general nature and level of work expected. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent.

Incumbent may be asked to perform other duties as required.

---