About ComReg
The Commission for Communications Regulation (ComReg) is the statutory body responsible for regulating fixed and mobile communications, postal and premium rate services in Ireland. ComReg also manages Ireland's radio spectrum resource on behalf of the State.
Our mandate, which until recently has been to create a competitive marketplace, to protect and inform consumers, and to encourage innovation, is expanding into new areas as we take on statutory responsibilities in the fields of accessibility, cybersecurity, physical resilience, AI, cloud and data.
This is an exciting time of growth for ComReg as we will shortly take on new statutory responsibilities covering digital matters arising from EU legislation, including: the 2022 Network and Information Systems (NIS2) Directive, the Critical Entities Resilience (CER) Directive - addressing cybersecurity and network resilience - together with the EU Data Act, the EU AI Act, and the European Accessibility Act (EAA).
We are a professional, multi-disciplinary and diverse organisation, operating in a dynamic digital regulatory environment that is constantly evolving as we begin to regulate companies and organisations operating in the digital technology sector.
While our regulatory role is evolving, our fundamental mission remains the same. ComReg's mission is to implement effective regulation that supports the delivery of widespread, modern and resilient digital infrastructure, including communications networks, products, and services which, ultimately, benefit users.
Further information on ComReg is available here.
Cybersecurity and Resilience Regulation Division
ComReg has been designated as the NIS2 Directive National Competent Authority for the Digital Infrastructure, Digital Provider, ICT Service Management and Space sectors. Additionally, ComReg has been designated as the CER Directive National Competent Authority for the Digital Infrastructure Sector.
The designation of ComReg as the National Competent Authority for NIS2 and CER requires a new division to execute these additional regulatory functions. This division is known as the Cybersecurity and Resilience Regulation Division.
The Cybersecurity and Resilience Regulation Division responsibilities will include:
- NIS2 supervision and enforcement
- CER functions - Identification of Critical Entities and National Resilience Strategy etc.
- Engagement activities - national and international
- Strategic Planning
Full details on our NIS2 and CER responsibilities are here
The role
The Head of Assessment and Audit is a critical role that will lead the design, development and execution of ComReg's inspection, audit and supervision functions under the NIS2 Directive. The role is responsible for ensuring the supervision of cybersecurity and resilience risk management measures across regulated entities including inspections, compliance assessments, managing audits and providing enforcement support.
The Head of Assessment and Audit will drive strategic risk-based security outcomes, lead multidisciplinary teams, advise internal stakeholders including Directors and Commissioners, and oversee the inspection, assessment and audit functions of NIS2.
The Head of Assessment and Audit will combine experienced technical expertise and understanding with experienced leadership and communication skills to enhance cybersecurity and resilience in the critical digital sectors in Ireland and across the European Union.
The Head of Assessment and Audit will have an extensive operational senior role including:
- Provide leadership and senior management for the development, adoption and implementation of operational strategy/s to deliver the NIS2 assessment and audit functions including operational frameworks, processes, procedures, public consultations etc.;
- Communicate assessment and audit strategy and strategic direction to internal and external stakeholders as required;
- Provide expert participation in key European working groups to develop cohesive, collaborative and strategic supervision frameworks;
- Responsible for the development of the assessment and audit unit including operational plans for recruitment, development of required competencies and training pipelines;
- Foster the creation of a cohesive, high-performing assessment and audit unit that integrates seamlessly within ComReg;
- Actively shape a team culture of regulatory and technical excellence mirroring ComReg's existing exemplary regulatory reputation;
- Management of Managers and Technical Advisors in the Assessment and Audit unit including delegation of appropriate responsibilities;
- Deliver senior management of complex technical cybersecurity inspections and audits, including risk assessments, strategy development, governance design, and remediation planning;
- Lead and deliver the technical cross-functional assessment and audit programmes with multiple workstreams of assessment and audit;
- Lead, delegate and support technical interactions with regulated entities during the assessment and audit process when required;
- Lead the development and implementation of the operational regulatory framework for the supervision and enforcement of entities in scope for NIS2;
- Provide senior level support to enforcement actions in the Digital Infrastructure, Digital Providers, ICT Service Management and Space sectors;
- Provide senior technical advice on the cybersecurity assessment and audit programme to Director and Commissioner level to support organisational decision making;
- Mentor and coach team members to support capability development and continuous improvement;
- Provide governance and management for financial planning for the assessment and audit unit, including budgeting and forecasting, to ensure fiscal responsibility and sustainability for the unit;
- Support broader divisional needs, which includes working closely with other "heads of function" to implement divisional strategy.
Essential criteria
- Proven recent experience in senior role/s with demonstrable evidence of working within a regulatory/regulated environment in the area of cybersecurity and/or resilience with a focus on operational aspects including cybersecurity advisory/assurance, risk management leadership or enterprise security - within the Digital Infrastructure, Digital Providers, ICT Service Management and Space sectors is advantageous;
- Extensive experience applying cybersecurity, risk and regulatory frameworks (e.g. ISO 27001, NIST, CSF, DORA, GDPR) in complex environments with a record of building and leading high-performing teams;
- Experienced understanding of cybersecurity domains including:
  - Governance, Risk and Compliance (GRC);
  - Cloud security and zero trust architectures;
  - Identity and Access Management;
  - Threat management and Incident Response;
- Demonstrable ability to establish evidence-based assurance models, including documentation review, technical testing, and control validation;
- Experience working with European Union regulatory legislation including NIS, NIS2, DORA, GDPR or sectoral cybersecurity legislation;
- Experience in analysis and interpretation of legislation and translating it into operational supervisory models and audit methodologies;
- Professional accreditations such as ISO 27001 Lead Auditor, CISSP, CISM, CRISC, or CISA with senior experience in cybersecurity risk assessment, cybersecurity audit or IT audit;
- Proven ability to engage at Director, Board, CISO or Commissioner level with excellent communication, interpersonal, and negotiation skills, and the ability to influence stakeholders at all levels;
- Proven experience in the governance and management of financial planning, budgeting, and forecasting processes to ensure fiscal responsibility and sustainability for a divisional structure;
- Extensive experience leading and line managing a team of professionals.
Desired criteria
- Master's degree (equivalent to level 9 on the NFQ) in science, technology, engineering, data analytics or another equivalent area/s and/or Cybersecurity leadership qualification;
- Experience in leading and driving large-scale, regulatory-driven security initiatives in either a public or industry environment;
- Demonstrable senior level experience of regulatory supervision and enforcement in a cybersecurity and/or resilience environment;
- Proven operationally focused experience in the strategic development of new cybersecurity assessment and audit functions, particularly in a regulatory/regulated environment.
Package
- Salary €110,955.62 (entry will be at the minimum point and the rate of remuneration may be adjusted from time to time in line with Government pay policy.)
- Dublin city centre location on Luas line
- Blended working environment
- 28 days Annual Leave per year
- Fully paid Maternity, Paternity and Parent's leave
- Income protection scheme
- Further Education and Training Opportunities
- Professional membership fee pay
- Membership of the Single Public Service Pension Scheme*
- ComWell Wellbeing Programme
- Travel tax saver scheme, access to Cycle to Work Scheme
- Access to Employee Assistance Programme
- Access to a members' run sports and social club
Core Competencies & Skills for the Role
- Strategy and Leadership - Articulates future developments and applies this to operational situations. Creates a climate of cooperation and respect, where people strive to achieve common organisational goals and share knowledge. Takes a broad view.
- Communication and Influencing - Communicates clearly, confidently and respectfully. Engages and influences others to follow a particular course of action. Ensures all relevant parties are appropriately updated and notified.
- Decision Making and Judgement - Effectively uses evidence to support the decision-making process. Assesses alternative positions while using sound judgement to adapt to specific and challenging requirements of the organisation.
- Analytical and Critical Thinking - Objectively analyses and evaluates information in order to identify patterns between situations that are not obviously related. Develops and clearly articulates solutions to complex problems.
- People Skills - Uses interpersonal skills to create engagement and clarity. Manages conflict and implements practical solutions. Recognises the impact of own behaviour and adjusts as required. Actively develops others.
Check out the Recruitment section of our Careers website if you have any questions or need further information about the role or the recruitment process: https://www.comreg.ie/about/careers/recruitment-faq/
Please Note (1)
We hope that our recruitment process supports applications from candidates with diverse backgrounds, experiences and perspectives. We understand that having a diverse workforce contributes to making us stronger as an organisation. We are committed to positively supporting candidates with disabilities.
Please let us know if there are any reasonable accommodations we can make to enable you to take part in the process by creating the environment to give you the best opportunity to show your strengths and competencies. Rest assured that whatever information you disclose will only be used to enable us to provide the necessary support and will never have a bearing on the outcome of the process.
Please Note (2)
ComReg assesses all applicants fairly based on the requirements for the role. Due to the high volume of applications we receive for positions, we are unable to provide feedback to candidates who are not shortlisted for interview. If you are short-listed for interview, and are subsequently unsuccessful, you can request verbal feedback from your recruitment contact - if you are represented by an agency.