
Information Security Consultant



Dublin | Ireland


Group Information Security (GIS) is committed to having an effective Information Security Policy Standard in place, supported by appropriate standards and guidance, to ensure the confidentiality, integrity and availability of all information and information systems. Information is an asset which, like other important business assets, has value and consequently needs to be protected.

GIS is responsible for:

  • Ensuring that minimum standard technical security policies and standards are developed to support Group Policy and outline how Information should be protected, processed or transmitted on Group Infrastructure and systems.
  • Supporting Business Units in defining their security control requirements.
  • Proposing minimum standard security controls that should be put in place for Group systems.
  • Assessing compliance with technical security policies and standards.

The Information Security Review (ISR) team is part of GIS and reports to the BoI Chief Information Security Officer. ISR has global responsibility for the delivery of Information Security change, review and assurance functions. ISR is responsible for the assessment of Project and Small Change, Firewalls and Restricted Software in relation to Information Security vulnerabilities and risks.

The opportunity:

The consultant is responsible for reviewing solutions and services being introduced to, or existing in, the Bank, assessing them for any potential information security control gaps.

Location: This role is based in the IT Centre in Cabinteely.

Key Responsibilities:

  • Carry out objective assessment of the security aspects of a current or proposed solution to
    • identify all relevant Information Security components
    • assess compliance of solutions against all relevant BoI Info Sec standards and guidelines
    • identify all designed controls
    • identify all required controls
    • identify and document where the design introduces risk to Bank of Ireland or compounds an existing risk
    • ensure that the documented solution provides appropriate controls which are aligned to the business's control requirements for the data assets being protected
    • document and agree gaps and recommendations
  • Assist the IT teams in securing a managed infrastructure and application penetration testing service to include
    • scoping a penetration test in conjunction with the relevant IT Team
    • selecting an appropriate vendor to perform a penetration test
    • interpreting any identified risks for the project team/business
  • Carry out objective examination and assess the appropriateness of mitigating operational controls to be implemented where an element or complete existing technical standard cannot be met due to operational or technical constraint.
  • Carry out objective assessment of firewall change requests to ensure that each change or series of changes to firewalls:
    • Conforms to IT Security policies & Standards
    • Identifies where the change introduces a risk to Bank of Ireland or compounds an existing risk
    • Is aligned to the business's control requirements for the data asset being accessed or transferred as defined by the data confidentiality / integrity / availability classifications.
  • Carry out objective assessment for examining and reporting on the appropriateness of the security controls implemented and executed by web-based solutions involving BoI data, such as:
    • host virtual infrastructure that processes, stores or transmits Bank of Ireland data (Amazon Web Services)
    • host a platform that runs software or services processing, storing or transmitting Bank of Ireland data (like Microsoft Azure)
    • host software that processes, stores or transmits Bank of Ireland data (like Cisco WebEx)
    • processes, stores, transmits or displays data that can be linked back to Bank of Ireland
  • Assess Small Changes for their impact on the IT security posture of the BoI Network.
  • Carry out the weekly activities required to assess Restricted Software
  • Conduct knowledge sharing sessions
    • Mentor other team members and support them in all security activities.
    • Support Management with the embedding of Information Security culture and behaviours
    • Positive and proactive participation within the team and active collaboration with colleagues across the Group as appropriate.

    Essential Requirements:

    Skills & Experience

    • Subject Matter Expert in key IS areas.
    • Strong technical knowledge across a variety of platforms
    • Strong technical knowledge of network protocols and related technologies
    • Strong knowledge of Information Security best practice


    • Leaving certificate - minimum of 5 passes (grade D or above) at Ordinary Level, which must include English and Maths, or equivalent or superseding qualification

    Desirable Requirements:

    • 3rd level degree in a relevant discipline
    • Professional body certification - minimum of SSCP or recognised equivalent
    • Experience across a number of relevant IT disciplines
    • Strong knowledge of Information Security best practice
    • Good knowledge of information security and risk control frameworks such as COBiT, ISO 27001, ISO 27002 is preferred but not essential

    Where Agency assistance is required Bank of Ireland Recruitment Team will engage directly with suppliers. Unsolicited CVs / profiles will not be accepted for this role.

    Bank of Ireland Group is an equal opportunities employer and is committed to fostering an inclusive workplace which values and benefits from the diversity of our workforce.

    Closing date: Jul 25, 2018