Daily management and leadership of existing Information Security Team
Delivery of established corporate-wide information security framework (including IT/OT cyber security) covering in particular the security strategies, the related policies and procedures as well as the necessary standards and guidelines.
Identify, evaluate and report on information security risks in a manner that meets compliance and regulatory requirements.
Lead or participate in relevant projects in order to control or improve security and ensure compliance with the information framework.
Preparation, review and maintenance of documents, policies, standards and reports as required to support the Cyber security program
Define and implement an incident response plan and establish a Computer Incident Response Team (CIRT) to respond to computer security incidents and coordinate with the Emergency Management Team
Leads Cybersecurity Incident Response cases, in conjunction with Emergency Management processes
Development of Disaster Recovery Plans aligned to business continuity requirements
Provides subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27001, CobiT and ITIL, as well as IEC 62443 and NIST SP800 for industrial cyber security.
Coordinates and participates in regular audits through internal and external resources to assess information & cyber security performance and compliance with applicable laws, regulations and policies.
Develops Information Security awareness through targeted change and training campaigns.
Candidate Requirements / Specification
12+ years’ management experience in a similar role, in large enterprise environments (>1000 users), with multiple geographic locations. Oil and Gas experience (or manufacturing industries)
Demonstrated management / leadership of teams is required
Strong communication skills, including written, oral and presentation skills. Fluent in English.
Graduate and/or Master’s Degree qualifications in Computer Science or related discipline required
Knowledge of IT/OT Cybersecurity is required (e.g. ISO 27001, ISA99/IEC 62443)
Professional certifications in Information Security required (CISSP or CISM as a minimum); OT Certification, i.e. GICSP, would be an advantage
Understanding and experience of Information Security discipline, governance, processes, and best practices including: Risk Management, Change Management and Business Continuity and Audit
Knowledge of Enterprise technologies and security controls (including PKI, Antivirus, Antimalware, proxies, web filtering and firewalls)
Exposure to project management is desirable