ICT Lead Security Analyst

Date: 08-Jan-2023

Location: Dublin, Ireland

Company: Ornua Co-operative Limited



Join our dynamic, progressive team of ICT professionals in an environment where you can learn, grow, and create innovative technology solutions to help our business flourish. As Ornua’s ICT Security team is growing, we are now looking for an ICT Security lead to join our team, providing Information Security services, data protection and identity management across our Enterprise estate.


In this role, the Lead Security Analyst will support the operational day-to-day security activities; serve as an internal information security subject matter expert; provide information security awareness, education and training in tandem with the group’s initiatives; support the ICT Audit program by participating in, or serving as the primary security lead for, internal or external audits; and provide technical input into the design and implementation of new security solutions.


The Lead role will work closely with the Global ICT Security Manager. The position plays a key role in the following areas:

  • Security Architecture & Strategy
  • Security Governance, Risk and Compliance
  • Threat Intel and Attack Surface Management
  • Prevent and Protect (Controls Assurance & Information Protection)
  • Detect and Respond (Incident Management & Cyber Forensics)
  • Identity and Access Management
  • Third-Party Security


Regardless of the specialisation, the Lead ICT Security Analyst applies solid information security principles and best practices to their specific discipline. This includes understanding how to apply security concepts, including risk management, compliance, threat and vulnerability assessments, information protection and access control, security processes, policy, and standards.


The role will contribute to ICT/OT security organisation transformation and governance capabilities in the existing OT security practice. It will directly support strategic industrial (OT) security programmes and cybersecurity governance and operating model transformation initiatives, with a particular focus on Operational Technology, SCADA, and industrial site recovery.


Key Areas of Responsibility:


  • Perform security risk assessments of technology solutions and 3rd party providers to determine information security risks to the enterprise.
  • Work closely with Solutions Delivery, Infrastructure, Service Delivery, Legal and Procurement teams to drive the implementation of appropriate controls to comply with Ornua ICT’s policy/standards to reduce the security risk to an acceptable level.
  • Provide overall oversight to global and regional ICT Security Leads to ensure security risk assessments are performed consistently and in a timely manner.
  • Define and lead IAM and DLP security services for the enterprise.
  • Manage Ornua’s Information security maturity program across the enterprise to ensure security controls are effective and have associated operating procedures and processes.
  • Analyse event and system logs, perform forensic analysis, and analyse malware and other incident response related data, as needed.
  • Lead the incident response initiative by conducting evidence collection and containment and providing remediation assistance as needed.
  • Conduct threat hunting activities by proactively searching for indicators of compromise and threats that may be evading the current set of security tools in place.
  • Proactively research emerging threats and vulnerabilities to aid in the identification of cyber incidents.
  • Train, develop, mentor, and inspire cybersecurity colleagues in their area(s) of specialisation.
  • Develop ICS Control Frameworks based on industry best practices as well as international and applicable national standards.


Key Requirements:

  • Bachelor’s degree in ICT, computer science, information security or a related field.
  • Work experience in a global company, preferably in the manufacturing sector, working on globally scoped projects.
  • Working knowledge of at least some of the following infrastructure-level security tools: Endpoint Detection and Response, Identity Management, Anti-Malware, Web Proxy, Firewalls, Security Information and Event Management, Cloud Access Security Broker, Data Leakage Prevention, Web Application Firewall, Multi-Factor Authentication, Data Rights Management, etc.
  • Direct experience in Cybersecurity risk management practices and programs, Privacy by Design concepts, and conducting information security risk assessments or business impact assessments.
  • Experience with Microsoft Security Stack, Qualys, Azure Sentinel, Cortex XDR and SentinelOne, and industry certifications, are desirable.
  • Support vulnerability management activities
  • Deep understanding of incident response best practices and processes
  • Experience with one or more industry-recognised ICT governance and control frameworks and standards, such as NIST CSF, CIS, ISO 27001, ISA/IEC 62443, GDPR, etc.
  • Good knowledge and demonstrated experience in incident response tools, techniques and processes for effective threat containment, mitigation, and remediation.
  • Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
  • Strong communication and interpersonal skills, including the ability to clearly communicate technical issues to a non-technical audience
  • Strive for continuous improvement across the delivery of the organisation’s security services
  • Support sites across organisations on the implementation of OT security solutions and detailed designs.


Considered Advantageous Certs:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Offensive Security Certified Professional (OSCP)
  • GIAC Security Essentials Certification (GSEC)
  • Microsoft Cybersecurity Architect
  • ISA/IEC 62443 Cybersecurity Expert
  • ITIL Foundation
