Divisional Director Cybersecurity & Resilience Regulation

About ComReg

The Commission for Communications Regulation (ComReg) is the statutory body responsible for regulating fixed and mobile communications, postal and premium rate services in Ireland. ComReg also manages Ireland’s radio spectrum resource on behalf of the State.

Our mandate, which until recently has been to create a competitive marketplace, to protect and inform consumers, and to encourage innovation, is expanding into new areas as we take on statutory responsibilities in the fields of accessibility, cybersecurity, physical resilience, AI, cloud and data.

This is an exciting time of growth for ComReg as we will shortly take on new statutory responsibilities covering digital matters arising from EU legislation, including: the 2022 Network and Information Systems (NIS2) Directive, the Critical Entities Resilience (CER) Directive – addressing cybersecurity and network resilience – together with the EU Data Act, the EU AI Act, and the European Accessibility Act (EAA).

We are a professional, multi-disciplinary and diverse organisation, operating in a dynamic digital regulatory environment that is constantly evolving and changing as we begin to regulate companies and organisations operating in the digital technology sector.

While our regulatory role is evolving, our fundamental mission remains the same. ComReg’s mission is to implement effective regulation that supports the delivery of widespread, modern and resilient digital infrastructure, including communications networks, products, and services which, ultimately, benefit users.

Further information on ComReg is available here.

Cybersecurity and Resilience Division

ComReg has been designated as the NIS2 Directive National Competent Authority (NCA) for the Digital Infrastructure, Digital Provider, ICT Service Management and Space sectors. Additionally, ComReg has been designated as the CER Directive NCA for the Digital Infrastructure Sector.

The designation of ComReg as the NCA for NIS2 and CER requires a new division to be established to execute these additional regulatory functions. This division will be the known as the Cybersecurity and Resilience Division and will broadly have three distinct units – Cybersecurity, Resilience and Engagement – each currently planned to have an Operational Director in time.

The Cybersecurity and Resilience Regulation Division responsibilities will include:

• NIS2 compliance & enforcement
• CER function delivery – National Resilience Strategy
• Engagement activities – national and international
• Strategic Planning

Full details on our NIS2 and CER responsibilities are here.

The role

The Director of Cybersecurity & Resilience Regulation will act as a member of the ComReg Leadership Team (Commissioners and Directors) with responsibility for the development, implementation, leadership and governance of ComReg’s new Cybersecurity and Resilience Regulation Division.

This role is a career-defining opportunity for someone who wants a broader strategic remit and exposure to global regulatory and tech ecosystems by offering visibility across government, industry, and international bodies. The Director can play a significant role in establishing Ireland as a leader in digital infrastructure security and resilience.

The Director will have an extensive leadership role including the following:

Strategy & Leadership

• Representation and ownership as a member of the ComReg leadership team on all matters related to cybersecurity and resilience regulation as part of NIS2 and CER NCA functions;
• Develop, implement and communicate the strategy / strategic direction of the division;
• Strategic alignment, review and approval of significant annual work programme for multiple operational units;
• Sponsor strategic projects to ensure delivery of key action plan items.

Technical Knowledge & Continuous Improvement

• Prepare for and execute delegated powers in relation to NIS2 and CER (supervision, enforcement and engagement) on behalf of ComReg across the Digital Infrastructure, Digital Providers, ICT Service Management and Space sectors;
• Oversee the development, implementation and communication of the required frameworks and policies to meet regulatory obligations;
• Act as champion and leader for cybersecurity and resilience risk management regulatory remit;
• Translate/oversee translation of complex technical requirements for key decision-makers, ensuring clear communication;
• Understand and interpret the pan-European regulatory frameworks and governance structures, which impact Ireland and ComReg’s ability to provide effective regulation.

Engagement and Stakeholder Management

• Build and manage high-level strategic stakeholder relationships.
• Support Commissioners and represent ComReg at executive level engagements (CEO, key Government Officials, other NCAs leadership etc) with:
  • relevant government departments regarding cybersecurity and resilience regulation (including Department of Justice, Department of Culture, Communications and Sport, Department of Defence and the National Cyber Security Centre);
  • entities in scope for NIS2 including disputes;
  • other relevant European agencies due to ComReg pan-European regulatory role, including disputes.
• Executive level public engagement on NIS2 and CER including events, media and other required channels.

Other

• Management of Operational Directors in the Cybersecurity and Resilience Regulation Division including delegation of appropriate responsibilities;
• Review and approval of forecasted budgets to support the execution of obligations across multiple operational units;
• As a start-up division, the role will initially include broader operational responsibilities to support set up and delivery.

Please note: The above is a general guide to the key duties and responsibilities of the role and is not an exhaustive description, therefore other/additional duties and responsibilities appropriate to the role may be assigned.

 Qualifications and Experience

• Proven experience (10+ years) in Director/senior leadership in Cybersecurity and/or Resilience governance, ideally with board level reporting or oversight responsibilities and within the Digital Infrastructure, Digital Providers, ICT Service Management or Space sectors.
• Technical understanding and continuing professional development in relevant areas of cybersecurity, digital infrastructure and relevant sectors, regulatory frameworks or risk management (identification of risks and mitigation/remediation with entities).
• Experience and understanding of the positive impact of implementation of regulatory frameworks providing leadership in complex, multi-stakeholder environments using in-depth knowledge of regulatory compliance and enforcement frameworks, cybersecurity and resilience legislation and governance best practice.
• Proven ability to build and sustain strategic relationships across all levels of organisations – experience with government departments and EU institutions is an advantage.
• Demonstrated capability to develop and execute strategic and operational plans while navigating ambiguity and establishing new functions/functional elements.
• Demonstrated ability to lead and inspire multidisciplinary teams, drive organisational development, and foster a culture of collaboration and innovation.

Location & remuneration

• Salary €180,150 to €225,187 (Candidates should note that entry will be at the minimum of the scale unless transferring from a current public sector role. The total remuneration may be adjusted from time to time in line with Government pay policy as applying to public servants generally). Subject to satisfactory performance, increments may be awarded annually.
• Dublin city centre location on Luas line
• Blended working environment
• 28 days Annual Leave per year
• Fully paid Maternity, Paternity and Parent’s leave
• Income protection scheme
• Further Education and Training Opportunities
• Professional membership fee pay
• Membership of the Single Public Service Pension Scheme*
• ComWell Wellbeing Programme
• Travel tax saver scheme, access to Cycle to Work Scheme
• Access to Employee Assistance Programme
• Access to a member’s run sports and social club

* Superannuation – An individual who is a new entrant for the purposes of the Public Service Pensions (Single Scheme and Other Provisions) Act 2012 will be a member of the Single Public Service Pension Scheme, which commenced from 1 January 2013.  An individual who was a member of a “pre-existing public service pension scheme” as construed by the Public Service Pensions (Single Scheme and Other Provisions) Act 2012 and who does not qualify as a new entrant for the purposes of that Act will be a member of the ComReg superannuation scheme.

The Individual

Essential criteria

• Proven experience (10+ years) in Director/senior leadership in Cybersecurity and/or Resilience governance, ideally with board level reporting or oversight responsibilities and within the Digital Infrastructure, Digital Providers, ICT Service Management or Space sectors.
• Technical understanding and continuing professional development in relevant areas of cybersecurity, digital infrastructure and relevant sectors, regulatory frameworks or risk management (identification of risks and mitigation/remediation with entities).
• Experience and understanding of the positive impact of implementation of regulatory frameworks providing leadership in complex, multi-stakeholder environments using in-depth knowledge of regulatory compliance and enforcement frameworks, cybersecurity and resilience legislation and governance best practice.
• Proven ability to build and sustain strategic relationships across all levels of organisations – experience with government departments and EU institutions is an advantage.
• Demonstrated capability to develop and execute strategic and operational plans while navigating ambiguity and establishing new functions/functional elements.
• Demonstrated ability to lead and inspire multidisciplinary teams, drive organisational development, and foster a culture of collaboration and innovation.

Desired criteria

• Third level Degree (Masters preferred) in Cybersecurity, computer science, or a related relevant area/s;
• Relevant certifications such as CISSP, CISM, CISA, CEH, CGEIT, OSCP, CCSK, CCNP etc. or equivalents;
• Experience working in a regulatory environment;
• Experience working in / with Public Sector or Government in Ireland or EU.

Core Competencies & Skills for the Role

• Strategy and Leadership – Articulates future developments and applies this to operational situations. Creates a climate of cooperation and respect, where people strive to achieve common organisational goals and share knowledge. Takes a broad view.
• Communication and Influencing – Communicates clearly, confidently and respectfully. Engages and influences others to follow a particular course of action. Ensures all relevant parties are appropriately updated and notified.
• Decision Making and Judgement – Effectively uses evidence to support the decision-making process. Assesses alternative positions while using sound judgement to adapt to specific and challenging requirements of the organisation.
• Analytical and Critical Thinking– Objectively analyses and evaluates information in order to identify patterns between situations that are not obviously related. Develops and clearly articulates solutions to complex problems.
• Technical Knowledge & Continuous Improvement – Possesses a command over the technical and professional skills for a particular discipline. Keeps an open mind. Demonstrates commitment to continuous improvement.
• Teamwork – Promotes and enhances team performance through working collaboratively and in cooperation with others to achieve goals. Interacts in a manner that builds respect and fosters trust.

Contact details

For a conversation in confidence, please contact: Freya McMorrow, Research Consultant, Freya.McMorrow@odgers.com