Cyber Security Engineer, Cumnor

Kemp House, Chawley Park, Cumnor, Oxford

Reporting to:

Chief Information Officer

Job Summary

To support and evolve our web-based Supplier Information & Risk management systems and business offerings

Cyber Security Engineer

The Cyber Security Engineer is responsible for establishing and maintaining the enterprise vision, strategy, and programme to ensure information assets, technologies, and data are adequately protected.

This role will lead the organisation’s cybersecurity strategy in alignment with Irish and EU regulatory requirements including GDPR, NIS2 Directive, DORA (where applicable), and Central Bank of Ireland guidance (if regulated). The Cyber Security Engineer will work closely with executive leadership and the Board to manage cyber risk and ensure resilience across the organisation.

Key Responsibilities 1. Cybersecurity Strategy & Governance

• Develop, implement, and maintain the enterprise-wide information security strategy.
• Align security initiatives with business objectives and risk appetite.
• Establish and maintain security governance frameworks (e.g., ISO 27001, NIST CSF, Cyber Essentials).
• Report regularly to the Executive Team and Board on cybersecurity posture and risk.
• Lead enterprise cyber risk assessments and mitigation programmes.
• Ensure compliance with:
• GDPR and Data Protection Commission guidance
• NIS2 Directive (where applicable)
• DORA (for financial services organisations)
• Oversee third‑party and supply chain security risk management.
• Lead audit engagements and regulatory inspections related to cybersecurity.

3. Security Operations & Incident Response

• Oversee security operations including SOC, threat detection, and vulnerability management.
• Develop and maintain incident response and crisis management plans.
• Lead response to major security incidents and coordinate with regulators and law enforcement where necessary.
• Ensure business continuity and disaster recovery capabilities are robust and tested.

4. Architecture & Engineering Oversight

• Provide security architecture oversight for cloud, on‑premises, and hybrid environments.
• Oversee identity and access management (IAM) and zero‑trust initiatives.

5. Data Protection & Privacy

• Work closely with the Data Protection Officer (DPO) to ensure technical and organisational measures are appropriate.
• Ensure strong data classification, encryption, and retention controls.
• Develop cybersecurity awareness programmes across the organisation.
• Foster a strong security‑first culture.

Required Experience & Qualifications

• Bachelor’s in Information Security, Computer Science, Engineering, or related field.
• Relevant professional certifications such as:
• CISSP
• CISM
• CRISC
• CISA

Experience

• 10+ years in information security, with at least 5 years in a cybersecurity engineering role.
• Experience operating in regulated environments (e.g., financial services, healthcare, telecoms).
• Strong knowledge of cybersecurity regulatory frameworks.
• Proven experience leading incident response at enterprise scale.
• Experience reporting to Board‑level stakeholders.

Technical Expertise

• Security frameworks: ISO 27001, NIST CSF, COBIT
• Cloud security (AWS, Azure, GCP)
• Identity & Access Management (IAM)
• SIEM, SOAR, EDR/XDR platforms
• Threat intelligence and vulnerability management
• Data protection technologies
• Secure SDLC and DevSecOps practices
• Strategic thinker with strong commercial awareness
• Excellent communication and stakeholder management skills
• Strong leadership and team development capability
• High integrity and ethical standards
• Crisis management expertise
• Ability to influence at Board and Executive level

#J-18808-Ljbffr