Cybersecurity Compliance Team Member, CIO

Position Description

At ESB, we operate one of the most advanced and critical technology landscapes in Ireland. We manage a vast array of enterprise IT and OT technologies. These technologies reside in our state-of-the are data centres, in our power generation plants, and in our critical operations centres. In addition to enterprise IT applications, databases and platforms, we also operate critical SCADA systems, OT and Plant/Industrial Controls Systems and critical Telecoms systems – all requiring the appropriate level of security to protect our business.

The Cybersecurity Compliance team oversees, evaluates, and supports the documentation, assessment, and authorisation processes necessary to assure that existing and new Information Technology (IT) and Operational Technology (OT) systems meet the organisation's cybersecurity compliance requirements. The team manages the cybersecurity compliance framework, conducts cybersecurity compliance assessments and ensures appropriate treatment of cybersecurity compliance issues, and assurance from internal and external perspectives.  

In this role you will be part of a team responsible for cybersecurity compliance activities and applying ESBs compliance management framework with regards to technology and cybersecurity. You will be involved in the analysis, assessment and reporting of cybersecurity compliance, the efficacy of relevant mitigating controls and driving positive data driven change in the control environment if deficiencies are identified. You will be part of a team leading and improving the end-to-end journey of cybersecurity compliance management including cybersecurity compliance framework management, cybersecurity compliance assessments, metric definition, collection and reporting, driving appropriate cybersecurity compliance improvements and reporting across the ESB.

Key Responsibilities

• Contribute as part of a team of cybersecurity compliance analysts responsible for overseeing, operating, and continuously improving the ESB cybersecurity compliance framework, including the supporting plans, processes, and governance arrangements.
• Support and develop ESB’s cybersecurity related external regulatory compliance requirements such as Network and Information Security Directive (NIS2), Critical Entities Resilience Directive (CER), Artificial Intelligence Act (AI Act) and other regulatory cybersecurity compliance requirements.
• Support the management of ESB’s cybersecurity second line, helping business and technology teams embed in their processes the requirements necessary to operate and demonstrate compliance with ESB’s cyber policies and standards, across a large and diverse set of IT and OT assets, a large supply chain of third parties and partners supporting a wide array of activities.
• Support first line activities completing self-assessments for external competent authorities to demonstrate NIS2 compliance and audits of ESBs national critical infrastructure assets.
• Ensure the accurate and evidenced cybersecurity compliance assessments across IT & OT assets.
• Communicate cybersecurity compliance matters clearly and effectively to senior management, business leaders, asset owners, and custodians, ensuring stakeholders have a clear understanding of cybersecurity control compliance, effectiveness, and associated legal, regulatory, and contractual obligations.
• Act as a subject matter expert for Cybersecurity Compliance by Design within ESB technology teams (IT and OT), supporting system owners and project teams through forward planning, live assessments, and follow‑up actions, and working collaboratively with relevant functions to ensure timely closure of cybersecurity compliance issues in a complex and fast‑paced environment.

Experience and Qualifications

Essential

• A relevant third level qualification or equivalent work experience, with hands on knowledge of risk and compliance.
• Strong analytical skills and attention to detail, with the ability to research, assess, and document activities in line with established processes and procedures.
• Proven ability to plan, organise, and deliver work effectively, including managing multiple engagements simultaneously and working independently on complex assignments.
• Strong organisational and project management skills, with the ability to prioritise and multi task across competing demands.
• Ability to work effectively both independently and collaboratively as part of a team.
• Strong presentation, verbal, and written communication skills, with the ability to learn, understand, and clearly communicate key cybersecurity and risk management concepts to a range of stakeholders.
• A good understanding of emerging technologies and methodologies from a risk and compliance perspective (e.g. AI and cloud technologies), along with strong proficiency in the Microsoft Office suite, including Word, PowerPoint, Excel, Visio, and SharePoint.

Desirable

• Technical knowledge of a wide range of IT technologies, processes and controls.
• Previous experience working in a utility industry would be a bonus.
• CRISC, CISSP, CISA or similar certifications would be an advantage but not a requirement.
• Knowledge of cybersecurity concepts technologies.

Location 

This position will be based in ESB Head Office, 27 Fitzwilliam Street Lower, Dublin.

Smart Working at ESB is designed to make ‘in-person’ time together as purposeful as possible while also enabling the effective use of digital tools and hybrid arrangements to preserve our commitment to flexibility. The successful candidate may work flexibly within the jurisdiction where they have been employed, with attendance at the workplace for in-person collaboration at least two days per week. All Smart Working arrangements are subject to regular review based on the operational requirements of the role, the team, and the business.

Reporting To

The successful candidate will report to the cybersecurity compliance team lead.