Divisional Director Cybersecurity & Resilience Regulation

About ComReg

The Commission for Communications Regulation (ComReg) is the statutory body responsible for regulating fixed and mobile communications, postal and premium rate services in Ireland. ComReg also manages Ireland’s radio spectrum resource on behalf of the State.

Our mandate, which until recently has been to create a competitive marketplace, to protect and inform consumers, and to encourage innovation, is expanding into new areas as we take on statutory responsibilities in the fields of accessibility, cybersecurity, physical resilience, AI, cloud and data.

This is an exciting time of growth for ComReg as we will shortly take on new statutory responsibilities covering digital matters arising from EU legislation, including: the 2022 Network and Information Systems (NIS2) Directive, the Critical Entities Resilience (CER) Directive – addressing cybersecurity and network resilience – together with the EU Data Act, the EU AI Act, and the European Accessibility Act (EAA).

We are a professional, multi-disciplinary and diverse organisation, operating in a dynamic digital regulatory environment that is constantly evolving and changing as we begin to regulate companies and organisations operating in the digital technology sector.

While our regulatory role is evolving, our fundamental mission remains the same. ComReg’s mission is to implement effective regulation that supports the delivery of widespread, modern and resilient digital infrastructure, including communications networks, products, and services which, ultimately, benefit users.

Further information on ComReg is available here. 

Cybersecurity and Resilience Division 

ComReg has been designated as the NIS2 Directive National Competent Authority (NCA) for the Digital Infrastructure, Digital Provider, ICT Service Management and Space sectors. Additionally, ComReg has been designated as the CER Directive NCA for the Digital Infrastructure Sector.

The designation of ComReg as the NCA for NIS2 and CER requires a new division to be established to execute these additional regulatory functions. This division will be the known as the Cybersecurity and Resilience Division and will broadly have three distinct units – Cybersecurity, Resilience and Engagement – each currently planned to have an Operational Director in time.

The Cybersecurity and Resilience Regulation Division responsibilities will include:

• NIS2 compliance & enforcement
• CER function delivery – National Resilience Strategy
• Engagement activities – national and international
• Strategic Planning

Full details on our NIS2 and CER responsibilities are here.

THE ROLE

The Director of Cybersecurity & Resilience Regulation will act as a member of the ComReg Leadership Team (Commissioners and Directors). The Director will be central in defining and communicating the strategic direction and value-add for ComReg’s Cybersecurity & Resilience Regulation Division and will be ComReg’s champion and leader for Cyber Risk Management, with specific remit for providing oversight and strategic input into all aspects of information security and cybersecurity risks across the digital infrastructure, ICT service management, digital providers, space, postal and courier services sectors. Given Ireland’s status as a top European technical hub, the Director, along with his/her team will also be actively involved in pan-European regulation and collaboration with other authorities.

The Director will be accountable for all aspects of compliance relating to cybersecurity risk measures for entities within ComReg’s regulatory scope and will provide robust challenge, support, and insights to further promote best practices and risk mitigation for these sectors.

This role offers a striking opportunity for someone seeking a challenging and rewarding strategic remit with exposure to global regulatory and tech ecosystems. The Director will play a leading role in establishing Ireland as a driver of cybersecurity and resilience.

This is a senior regulatory leadership role, requiring strong experience in regulation or regulated environments, supported by sufficient technical understanding of cybersecurity and resilience to provide effective oversight, challenge and strategic direction. The Director will lead and work closely with specialist teams of regulatory and technical experts and will be expected to exercise sound judgement, informed decision making and strategic leadership and will be expected to build additional knowledge over time as the regulatory framework and operating model mature.

The Director will have an extensive leadership role including the following:

STRATEGY & LEADERSHIP

• Representation and ownership as a member of the ComReg leadership team on all matters related to cybersecurity and resilience regulation as part of NIS2 and CER National Competent Authority (NCA) functions;
• Develop, implement and lead the strategic direction of the division;
• Strategic alignment, review and approval of significant annual work programme for multiple operational units;
• Sponsor strategic projects to ensure delivery of key action plan items.

TECHNICAL KNOWLEDGE & CONTINUOUS IMPROVEMENT

• Execute powers in relation to NIS2 and CER (supervision, enforcement and engagement) on behalf of ComReg across the Digital Infrastructure, Digital Providers, ICT Service Management and Space sectors;
• Lead the development, implementation and communication of the required frameworks and policies to meet regulatory obligations;
• Be the ComReg champion and leader for cybersecurity and resilience risk management regulatory remit;
• Communicate complex technical requirements for key decision-makers, ensuring a common understanding;
• Be adept in the pan-European regulatory frameworks and governance structures, which impact Ireland and ComReg’s ability to provide effective regulation.

ENGAGEMENT AND STAKEHOLDER MANAGEMENT

• Build and maintain high-level strategic stakeholder relationships;
• Support Commissioners and represent ComReg at executive level engagements (CEO, key Government Officials, other NCAs’ leadership etc) with:
  • relevant government departments regarding cybersecurity and resilience regulation (including Department of Justice, Department of Culture, Communications and Sport, Department of Defence and the National Cyber Security Centre);
  • entities in scope for NIS2 and CER;
  • other European agencies given ComReg’s pan-European regulatory role.
• Executive level public engagement on NIS2 and CER including events, media and other channels.

OTHER

• Management of Operational Directors in the Cybersecurity and Resilience Regulation Division and delegation of appropriate responsibilities;
• Review and approval of forecasted budgets to support the execution of obligations across multiple operational units;
• As a start-up division, the role will initially include broader operational responsibilities to support set up and delivery.

Please note: The above is a general guide to the key duties and responsibilities of the role and is not an exhaustive description, therefore other/additional duties and responsibilities appropriate to the role may be assigned.

LOCATION & REMUNERATION

• Salary €181,951 to €227,439 (Candidates should note that entry will be at the minimum of the scale unless transferring from a current public sector role. The total remuneration may be adjusted from time to time in line with Government pay policy as applying to public servants generally). Subject to satisfactory performance, increments may be awarded annually.
• Dublin city centre location on Luas line
• Blended working environment
• 28 days Annual Leave per year
• Fully paid Maternity, Paternity and Parent’s leave
• Income protection scheme
• Further Education and Training Opportunities
• Professional membership fee pay
• Membership of the Single Public Service Pension Scheme*
• ComWell Wellbeing Programme
• Travel tax saver scheme, access to Cycle to Work Scheme
• Access to Employee Assistance Programme
• Access to a member’s run sports and social club

* Superannuation – An individual who is a new entrant for the purposes of the Public Service Pensions (Single Scheme and Other Provisions) Act 2012 will be a member of the Single Public Service Pension Scheme, which commenced from 1 January 2013.  An individual who was a member of a “pre-existing public service pension scheme” as construed by the Public Service Pensions (Single Scheme and Other Provisions) Act 2012 and who does not qualify as a new entrant for the purposes of that Act will be a member of the ComReg superannuation scheme.

ESSENTIAL CRITERIA

• Proven experience (10+ years) in Director/senior leadership roles that included cybersecurity and/or resilience governance, ideally with board level reporting or oversight responsibilities, within the Digital Infrastructure, Digital Providers, ICT Service Management or Space sectors.
• Demonstrated technical understanding of cybersecurity and/or resilience risk that is sufficient to provide executive oversight, regulatory judgement and strategic direction, including the ability to challenge, interrogate and guide specialist technical teams and regulated entities.
• Experience and understanding of the positive impact of implementation of regulatory frameworks providing leadership in complex, multi-stakeholder environments using in-depth knowledge of regulatory compliance and enforcement frameworks, and governance best practice.
• Proven ability to build and sustain strategic relationships across all levels of organisations.
• Demonstrated capability to develop and execute strategic and operational plans while navigating ambiguity and establishing new functions/functional elements.
• Demonstrated ability to lead and inspire senior experts, multidisciplinary teams, drive organisational development, and foster a culture of collaboration and innovation.

DESIRABLE

• Experience working in a regulatory environment.
• Third level Degree (Masters preferred) in cybersecurity, computer science, or a related relevant area/s.
• Relevant certifications such as CISSP, CISM, CISA, CEH, CGEIT, OSCP, CCSK, CCNP etc. or equivalent.
• Experience working in / with public sector or Government in Ireland, the EU or other European jurisdiction.
• Experience contributing to the establishment or maturing of new regulatory regimes, organisations or functions.

CORE COMPETENCIES & SKILLS FOR THE ROLE

Strategy and Leadership – Articulates future developments and applies this to operational situations. Creates a climate of cooperation and respect, where people strive to achieve common organisational goals and share knowledge. Takes a broad view.

Communication and Influencing – Communicates clearly, confidently and respectfully. Engages and influences others to follow a particular course of action. Ensures all relevant parties are appropriately updated and notified.

Decision Making and Judgement – Effectively uses evidence to support the decision-making process. Assesses alternative positions while using sound judgement to adapt to specific and challenging requirements of the organisation.

Analytical and Critical Thinking – Objectively analyses and evaluates information in order to identify patterns between situations that are not obviously related. Develops and clearly articulates solutions to complex problems.

Technical Knowledge & Continuous Improvement – Possesses a command over the technical and professional skills for a particular discipline. Keeps an open mind. Demonstrates commitment to continuous improvement.

Teamwork – Promotes and enhances team performance through working collaboratively and in cooperation with others to achieve goals. Interacts in a manner that builds respect and fosters trust.

CONTACT DETAILS

For a conversation in confidence, please contact:

Siobhan Walsh

Research Partner

Siobhan.Walsh@odgers.com