Hybrid remote, 2 days a week onsite at Dublin City Center. The company is looking to establish a cyber security posture management team including the role of Threat & Compliance Intelligence Officer responsible for dealing with external organizations and ongoing internal communications. There is a requirement for strong analytical skills as well as an awareness of the threat landscape across the Company's technical stack as well as how interactions between threats can indicate increased risk. It is a mandatory requirement, that the Resource proposed has the equivalent of 4 years of Cybersecurity experience with demonstrable experience in Threat Intel management. Key Deliverables: A threat intel management platform both for external feeds to be processed and an internal source of threat intel for stakeholders Delivery of accurate and relevant alerts to stakeholders with appropriate level of priority Prioritization of security testing based on observed intel and Risk Model details Periodic reporting on Cyber Security Posture within the Company Develop and maintain a cybersecurity threat profile to assist in Risk analysis. Experience/Competencies/Skillsets apply to this Role: Demonstrable experience of threat Intel management in an environment that is Iso or NIST-aligned Experience in penetration testing involving any or all of: A- Web application (Java, PHP, Angular) B - Infrastructure (network, windows, Linux, database) C- API / Cloud (AWS, GCP, Azure) Experience with the application of the MITRE Att&ck framework Evidence of compliance experience with laws or standards Report writing and delivery of results Working as part of a team to deliver cross-discipline projects Experience working in a secure data center or Fintech environment Experience working with Cloud environments The Threat and Compliance Intel Officer is required to provide analysis and assessment of threat intel in a format that can be consumed by other services. The role is also responsible for ensuring internal compliance with security best practices and relevant legal and standards requirements. This is a technical role with a requirement for hands-on assessment and will work closely with the Cyber Security Risk Officer. The Responsibilities of the Role and the activities that will be required are: Threat Intel vendor management Security must act as a central processing unit to identify reliable sources of intel and maintain a method of testing veracity. By maintaining a proper threat intel process and record we can provide feedback, identify sources that are no longer required and provide information that is timely and accurate. The officer will also manage all upstream communications with vendors. Threat Intel processing Taking in Intel source feeds and converting them into actionable information. Extracting Indicators of compromise that can be used for threat hunting and pre-emptive defense. This task will also require the officer to correctly communicate identified threats to relevant parties in a format that best suits their ability to action. This activity will involve the establishment and maintenance of MISP Server and related feeds. Security-related Legislative Compliance advisory keeps up to date on existing and upcoming legislation that may impact how the Company operates, monitors, and reports. Internal Policy advisory provide input into policy to determine accuracy and applicability as well as how it can be enforced or monitored. Policy exceptions and exemptions need to be assessed and recorded before being accepted by policy owners. Regular Technical Testing on internal systems Practical assessments of security requirements for systems. Requires infrastructure/platform penetration testing knowledge and knowledge of relevant standards. Internal Test management In coordination with the Risk Officer, Develop and Maintain a testing strategy that is non-disruptive but still ensures risk-prioritised coverage. Set tasks and goals for assessment that must be reported on to ensure progress and provide evidence to audit assessment and compliance. Reporting findings to system owners and ensuring that any issues are correctly entered into the RVM process. Advise on remediation and best practise. Company Risk Posture management (Risk and Vulnerability management) Coordinating with the Cyber Risk Officer to ensure the Risk model is accurate and up to date. Actively contribute to the RVM lifecycle process. Manage and co-ordinate communications with stakeholders Project input provide insight, co-ordination and input into projects at project initiation/HLD stage. This will require an ability to read and review project plans and provide feedback or ask for clarifications. Participate in projects that require security input and activities and provide support for other teams to ensure security by design principles are adhered to Skills: cybersecurity security architect infrastructure