Ornua
Welcome to Ornua, a global leader in providing wholesome, natural dairy products to consumers and manufacturers. Discover more about our co-operative.
Ornua is a dairy co-operative which sells dairy products on behalf of its members, Ireland’s dairy processors and, in turn, Irish dairy farmers. It is Ireland’s largest exporter of Irish dairy products, exporting to 110 countries worldwide. Headquartered in Dublin, Ornua has annualised sales of over €3.5 billion and a global team of 3,000 employees.
Ornua is structured across two divisions: Ornua Foods and Ornua Ingredients. We operate from 10 business units worldwide, including 16 production facilities, and have sales and marketing teams working in-market across the globe in Africa, Asia, Germany, Ireland, the Middle East, Spain, the UK, and the US.
You may know us by our brands Kerrygold, Dubliner, Pilgrim’s Choice, Avantage, Forto, and BEO.
Ornua’s Values
At Ornua, our Values lie at the core of everything that we do and how we behave both individually and as a business. Our five values, and their underlying behaviours, encourage us to Seek and Embrace New Ideas, Make It Happen, Be Our True Selves, Show You Care and Achieve Great Things Together.
Ornua’s Growth
At Ornua, our co-operative ethos lies at the heart of how we do business. We care passionately about driving sustainable, profitable growth, underpinned by our ambitious ‘Path to Prosper’ strategy. We have delivered significant growth in our core business, and we have ambitious plans for continued growth over the next five years.
WHY THIS ROLE IS VALUABLE:
The IT Security Manager role is crucial for leading large-scale cybersecurity initiatives across various domains such as Endpoint Security, Data Security, Infrastructure Security, Cloud Security, and IAM. This role requires strategic and operational experience to lead the overall information security strategy, vulnerability management, incident management, and security monitoring. The ideal candidate should have strong leadership skills and a deep understanding of security protocols and technologies, particularly the ISO 27001 standard.
KEY AREAS OF RESPONSIBILITY:
* Leadership and Communication: Engage with IT Senior Leadership and Group Executives to provide regular updates, identify risks, and ensure alignment with business goals.
* Thought Leadership: Provide expertise in SOC, Infrastructure Security, Cloud Security, Identity Management, and other cybersecurity domains. Offer guidance on industry best practices, standards, and emerging threats.
* Risk Management and Compliance: Identify and mitigate cybersecurity risks while ensuring compliance with internal and external security requirements. Serve as the primary IT contact for cyber risk assessment, monitoring, and reporting. Ensure alignment with internal and international security standards, including ISO 27001, EC ISA/IEC 62443, GDPR, and NIS 2 Directive.
* Security Awareness and Training: Develop and manage a company-wide security awareness program. Plan and monitor ongoing training for security staff to ensure they are up to date with the latest security practices and technologies.
* Reporting and Analysis: Prepare and present detailed reports on security operations, incidents, and trends to senior management.
* Security Monitoring and Assessment: Perform continuous security monitoring, risk assessments, and gap analyses to ensure compliance with regulatory requirements. Conduct regular vulnerability assessments, risk analysis, and penetration testing, providing the infrastructure team with actionable remediation guidance.
* Collaboration and Strategy: Collaborate with business groups to identify and mitigate current and emerging risks. Support the development of disaster recovery and business continuity plans for information security.
* Incident Management: Provide on-call support for security and network issues to ensure effective SOC operations. Oversee second-line response to security incidents, including forensic analysis and problem management.
* Vendor and Partner Management: Ensure technology partners and vendors adhere to company policies, procedures, and standards.
* Continuous Improvement: Stay informed on emerging cybersecurity threats, trends, and technologies to strengthen IT/OT security. Monitor environments for incidents, analyse logs, and investigate alerts using tools such as Armis Centrix.
KEY REQUIREMENTS:
* Education:
o Bachelor’s degree in Computer Science, Engineering, or a related discipline (Master’s degree preferred).
* Experience:
o 10+ years in IT security and related functions, with expertise in evaluating and deploying end-to-end cybersecurity solutions. Experience in ISO 27001 implementation and maintenance.
o 8+ years of expertise in evaluating and deploying end-to-end cybersecurity solutions, including endpoint protection, IDS/IPS, SIEM, DLP, MFA, encryption, and monitoring.
o 5+ years of experience designing, developing, implementing, and managing cybersecurity programs, including security education, incident response planning, and KPI reporting.
o Demonstrated experience in ISO 27001 implementation and maintenance.
* Technical Proficiency:
o Tactical management expertise in cybersecurity roadmap development, vulnerability remediation, and risk assessments.
o Proficiency in penetration testing (red, blue, purple teams), patch management, asset inventory, vendor assessments, data privacy (GDPR compliance), network segmentation, and social engineering prevention.
* Leadership & Communication:
o 5+ years of experience leading a team of at least 5-6 employees in a previous role is mandatory.
o Experience influencing senior leadership on security strategies and outcomes.
o Strong communication and interpersonal abilities to collaborate effectively across all organizational levels.
* Personal Attributes:
o Capable of managing multiple projects and owning the IT risk register.
o Proactive, solution-oriented, and self-motivated with a high sense of responsibility.
* Industry Knowledge:
o Experience in global companies, preferably in the food/manufacturing sector, with exposure to major geographic regions.
o Familiarity with cybersecurity needs unique to these industries.
* Desired Certification (not mandatory):
o You will ideally have certification in one or more of the following, or equivalent:
+ Certified Information Systems Security Professional (CISSP)
+ Certified Information System Manager (CISM)
+ Certified Information and Information Systems Control (CRISC)