Senior Information Security Specialist

Meta seeks a highly experienced and motivated security professional to fill the role of Senior Information Security Specialist in our Oversight Security Team. This team is dedicated to supporting Meta Platforms Ireland and WhatsApp Ireland through the operation of an oversight function to ensure the appropriateness of the security measures implemented for the secure processing of European User Data. The person in this role will provide oversight of the security for the entire Meta family of products (Facebook, Instagram, Messenger, Oculus, WhatsApp). This person will be focused on assessing and advising on security requirements to ensure compliance with European data protection and other regulations. This is a senior technical role, where the successful candidate will be required to routinely investigate, analyse and advise a wide range of technical and non-technical stakeholders on security matters. Meta recognises the importance of security, data protection and privacy to the billions of people who use its services and in ensuring compliance with data protection law including the EU’s General Data Protection Regulation (‘GDPR’). This individual will play a critical role in driving change and ensuring compliance with GDPR across all products for the Facebook family of companies.As a team, we optimise processes, elevate work through automation or tooling, and efficiently execute critical tasks. In this role, you will work closely with security engineers, analysts, technical program managers, business stakeholders, legal teams and risk & compliance teams.Meta welcomes applications from the widest range of individuals eligible to apply and particularly encourages applications from those who would increase the diversity of the company.

• Support the operation of the Oversight Security Team by advising and guiding the other team members.
• Actively engage with the management team in the strategic development of the Oversight Security Team.
• Identify and work with the management team to develop opportunities for growth of the Oversight Security Team.
• Engage with cross-functional stakeholders to define security, risk, and compliance requirements.
• Understand complex technical concepts and explain them to non-technical stakeholders.
• Understand and appreciate legal and regulatory requirements and map them to technical requirements.
• Support the preparation of responses to regulatory inquiries.
• Performing in-depth technical investigation and analysis, and produce written reports of findings.
• Lead cross-functional teams through full program lifecycles by defining scope/success criteria, setting expectations, establishing timelines, implementing solutions, and measuring success and lessons learned.
• Define processes end-to-end and drive improvements for maximum impact.
• Operationalise strategic security programs by making them efficient, scalable, and reliable.
• Develop, implement, and iterate on program management procedures, frameworks, and metrics to achieve business goals with defined success criteria.
• Identify program risks and drive the implementation of recommended mitigations.
• Drive cross-functional and effective communications throughout the program lifecycle, providing the visibility and transparency required to ensure cross-functional team and stakeholder alignment.
• Ensure smooth transitions of programs we are receiving or handing off.
• Develop, define and report on program health and success metrics.
• Be independent, results oriented, and thorough in examination and analysis.
• Adapt to dynamic situations and fully engage in the team’s proactive work ethic.

• 10+ years of work experience in information security, program/project management, or similar capacities.
• Strong understanding of information security concepts and ability to apply them at scale.
• Demonstrable experience independently investigating complex security matters, interpreting and mapping them to regulatory contexts and explaining the situation to both technical and non-technical stakeholders.
• Experience in technical concepts similar to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
• Written and verbal communication skills across technical and non-technical stakeholders and attention to detail. Written communication skill will be particularly relevant for this role.
• Experience performing information security risk assessments and control gap assessments.
• Analytical, problem-solving, negotiation and organisational skills with a clear experience focusing under pressure.
• Experience driving projects end-to-end independently, including evaluating, defining and improving end-to-end processes.
• Experience influencing stakeholders and partner teams, especially in collaborating with different individuals across the organisation and within other geographies.
• Experience managing competing priorities and simultaneous/concurrent projects in a fast-paced environment.
• Strategic thinker with analytical and technology focused problem-solving experience.
• Experience with demonstrating negotiation and conflict management.
• Experience with executing day-to-day activities required for the development and tracking of information security initiatives, including the communication and management of policies, controls, and practices.
• Experience in development of strategic roadmaps for security and privacy programs.
• Experience working with Security Controls across security domains such as Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security etc,
• Experience with working with leadership and engineers. Capable of both working independently and collaboratively across various levels and teams.

• BA/BS in Computer Science, Information Systems, or similar field (or BA/BS in Business with a minor in Computer Science, Information Systems, or similar field), or equivalent work experience
• Familiarity/experience with compliance programs such as GDPR, ISO27001, IS027018, SOC 2 and PCI
• A strong interest in the development of strategic frameworks and how they influence technology to deliver practical, commercial and creative approaches to ensure privacy compliance.
• Industry certifications such as SANS , CISSP ,CIPP/E