Lead for Information Security

dcbel Inc. (www.dcbel.energy) is a growing company developing technology and designing products that will make clean, efficient, and sustainable energy accessible to all - because everyone in the world deserves energy without compromise.

dcbel at the leading edge of the residential energy revolution, enabling decentralized energy consumption and production through its vertically integrated suite of energy hardware and software products, and their supporting infrastructure. Our flagship product, the dcbel Home Energy Station, is a small wall mounted device that gives everyone ownership over their energy supply by using solar power to charge their EV and home, unlocking their EV's battery for backup power (V2H), and optimizing the energy flow between their solar panels, EVs, backup battery and the grid.

The opportunity

dcbel is looking to hire a Lead of Information Security to work in our Information Services team, reporting to the Chief Information Officer. The Information Security Lead (ISL) will lead cyber security operational and improvement projects across dcbel to protect information assets and manage information security risks. Working with and reporting to the CSO, the ISL will help the group to establish compliance with information security standards and create a prioritised program of improvements and ensure implementation both technically and practically. The Information Security Lead will work closely with the Head of IS and Head of Software Engineer, Product Manager, Heads and Leads of all department to review IT security arrangements across existing activities, ensure that security is included by design in new projects and services.

Main responsibilities

• Review system security measures, design, and lead implementation of IT security systems and policies.
• Lead on development and delivery of measures and metrics to support the assessment, reporting and ongoing improvement of the information security posture of colleges.
• Develop close working relationships with the Head of IS, Head of Software Engineer, Product Manager, Heads and Leads of all department to deliver Information Security improvement objectives.
• Work closely with college stakeholders to keep abreast of planned changes to technologies, working practices, and business activities that could have an impact on group and individual Information Security or risk profiles.
• Audit controls via a security standard such as the NIST or ISO27001, providing advice to the Head of IS and IT Managers in mitigation options, suggesting and where appropriate, putting in place measures to satisfy control requirements.
• Work with the Data Protection Officer (DPO) and DPO Assistant to ensure that the group can meet Information Security requirements
• Manage and improve Identity and Access Management procedure
• Use influencing skills to ensure collaborative working to engender a level of quality improvement across the group.
• Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software as part of Privacy by Design and Default
• Manage and coordinate operational components of security incident management, including detection response and reporting.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk
• Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are following policies and audit requirements
• Review, escalate and action any unusual event behaviour identified through the groups information security systems.
• Create standards in system hardening, change management, documentation.
• Perform periodic firewall audits.
• Ensure disaster recovery and data restoration processes work.
• Ensure appropriate Corrective and Preventative Actions are implemented in line with best practice guidance

Key requirements

• A record of accomplishment in and experience of introducing Information Security Improvement through successfully designing, implementing, and improving IT security architecture and controls.
• Working technical knowledge in broad domains of IT infrastructure such as data networks, cloud server and desktop hardware and operating systems, storage and backups, and related monitoring and management systems.
• Demonstrable experience of applying security controls in one or more of the following areas: Unix/Linux Servers, Windows servers, firewalls, IDS/IPS, vulnerability management, WAF, Wi-Fi, mobile security, Data Loss Prevention, digital certificates, encryption and authentication techniques, forensics, and LAN / WANs.
• Solid understanding of security protocols, cryptography, authentication, authorisation, and security.
• High level of personal integrity, as well as the ability to handle confidential matters and show an appropriate level of judgment and maturity.
• Formal certification (CISSP, CISM or CRISC) and/or formal training in information security standards and best practice (e.g.: ISO 27001/2, COBIT).
• Working knowledge of managing relationships with suppliers.
• A passion for information security and a keen interest in IT.
• Demonstrable experience of leading and working as part of a team.

Bonus skills

• Bilingual English and French.

Profile

• Entrepreneurial mindset, result oriented and strong EQ.
• Autonomous, have ease in learning, good teammate, communication and problem-solving skills.
• Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.
• Well-developed team skills to foster collective ownership and purpose.

What's in it for you

• Be part of a company that is backed by numerous globally respected investors and has world-changing patents in an industry changing for the first time in history.
• Grow your professional experience amongst blue chip partners and a close-knit team of committed and experienced energy experts who deeply care about the work they do.
• Full benefits package including Health insurance, Health virtual care, employee stock options plan (ESOP) and flexible hours. Parking available or with our employer commute program a short walking distance from Metro Namur.