Cybersecurity GRC Manager at Murray Resources in Houston, Texas

Posted in Other 13 days ago.

Type: full-time





Job Description:

A world leader in the oil & gas industry is looking for a Cybersecurity Governance, Risk, and Compliance Manager to lead the development, implementation, and continuous refinement of its cybersecurity governance framework, risk management processes, and compliance activities. The ideal candidate is a visionary leader with a strategic mindset toward risk management, combined with the ability to communicate complex cybersecurity concepts. In a collaborative environment, the new leader will play a vital role in strengthening the company's cybersecurity posture and supporting its overall business objectives by ensuring cybersecurity strategies align with regulatory requirements and industry best practices.

Salary + Additional Benefits:
  • $160,000-$180,000 + Bonus
  • Full Benefits including Medical, Dental, Vision, FSA
  • 25 days PTO
  • 6% 401k employer contribution
  • Free lunch on Wednesdays
  • Onsite gym with free classes with an instructor
  • Work from Home Fridays

Location: Houston, TX

Type of Position: Direct Hire

Responsibilities:
  • Governance: Implement clear guidelines, policies, and standards to ensure that IT systems and data are used and secured properly. Establish best practices and protocols to ensure that all IT activities align with Seadrill's goals and objectives.
  • Directive Development: Create and review directives for OT and IT security.
  • Support on Cyber Strategic Planning: Align IT security strategies with business objectives and ensure adequate resources.
  • Performance Measurement: Use metrics and KPIs to assess the effectiveness of cybersecurity measures, and KRIs to help predict and monitor potential future risks.
  • Risk Management Integration: Incorporate cybersecurity risk management into overall business risk strategies.
  • Awareness, Training, and Education: Educate employees about cybersecurity policies and best practices. Raise awareness, own the security awareness program, and ensure the workforce is properly trained and educated. Measure the effectiveness of awareness, training, and education programs.
  • Risk Management: Focus on identifying, assessing, and mitigating risks that could potentially harm company assets, reputation, or stakeholders. Understand the threats to IT infrastructure and data and take appropriate measures to reduce these risks to an acceptable level.
  • Risk Assessment: Identify and evaluate risks associated with IT systems and data.
  • Risk Mitigation Planning: Develop strategies to address identified risks, such as implementing security controls.
  • Continuous Monitoring: Regularly review and update risk assessments to address new threats.
  • Compliance: Ensure that the company adheres to laws, regulations, and standards relevant to its industry and operations. This includes adherence to regulations such as GDPR, LGPD, SOX, SEC Cyber Disclosure, etc.
  • Regulatory Compliance: Understand and adhere to legal, contractual, and regulatory requirements.
  • Standards Compliance: Follow industry standards such as NIST CSF, IEC 62443, ISO 27001, IADC Cybersecurity Guidelines.
  • Audits and Assessments: Serve as the central contact for all cybersecurity-related audits. Catalog all audits applicable to the company, comprehending their specific requirements. Streamline the processes for gathering audit evidence, aiming to efficiently meet auditor requirements. Proactively anticipate the needs and questions of auditors to facilitate smoother audit engagements. Explore and evaluate a GRC tool to enhance future compliance tracking and management. Oversee or assist in the conduct of audits, both to verify adherence to internal policies and to ensure compliance with external regulations.
  • Cybersecurity Program Management: Oversee the projects that are part of our program and ensure that all projects within the cybersecurity umbrella are effectively aligned, executed, and delivered.
  • Project Coordination and Management: Oversee various cybersecurity projects, from inception to completion, following the company Project Delivery Framework (PDF).
  • Ensure that projects are completed on time, within scope, and within budget.
  • Stakeholder Communication: Act as the central point of communication for all cybersecurity projects. Regularly update stakeholders, including executive leadership and department heads, on project progress, risks, and milestones.
  • Performance Tracking and Reporting: Monitor and report on the progress of cybersecurity projects.

Requirements:
  • Degree or equivalent experience in computer science, networking, engineering, or another computer-related field (Higher degree preferred)
  • BSc or MSc degree in Information Security
  • CISSP - Certified Information Systems Security Professional desired
  • CISM - Certified Information Security Manager desired
  • CRISC - Certified in Risk and Information Systems Control desired
  • ITIL Foundation or higher certification desired
  • At least 5-7 years of experience in an information security role, with a demonstrated clear understanding of security-related issues
  • Experience in security controls design and operation
  • Experience in conducting risk assessments
  • Knowledge of ISO 27001/2
  • Knowledge of Sarbanes-Oxley
  • Knowledge of Data Privacy
  • Strong ownership of tasks and issues through to resolution (must demonstrate tenacity and persistence)
  • Excellent communication skills, relationship building, and interpersonal skills
  • Strong analytical skills
  • Able to multi-task and prioritize workload, with a strong capability to manage and deliver multiple engagements simultaneously
  • Self-motivated, with the ability to work on own initiative, both individually and as part of a team

Due to the high volume of applications we typically receive, we regret that we are not able to personally respond to all applications. However, if you are invited to take the next step in the process, you will typically be contacted within one week of submitting your application.