Petrofac is a leading international service provider to the energy industry, with a diverse client portfolio including many of the world\xe2\x80\x99s leading energy companies.

We design, build, manage and maintain infrastructure for our clients. We recruit, reward, and develop our people based on merit regardless of race, nationality, religion, gender, age, sexual orientation, marital status, or disability. We value our people and treat everyone who works for or with Petrofac fairly and without discrimination.

The world is re-thinking its energy supply and energy security needs, planning for a phased transition to alternative energy sources. We are here to help our clients meet these evolving energy needs.

This is an exciting time to join us on this journey.

We support flexible working requests and have adopted a hybrid approach for most of our office-based roles. We ask employees to be present in the office at least three days per week.

Are you ready to bring the right energy to Petrofac and help us deliver a better future for everyone?

JOB TITLE: IT LEAD \xe2\x80\x93 CYBER SECURITY

KEY RESPONSIBILITIES:

Design and Implement Security Controls for any new infrastructure implementation.

Understand and documents Security requirements from various stakeholders like Customers, Regulators, and Internal stakeholders.

Work closely with Security, IT and OT vendors to ensure all implementations are according to the Security requirements of the Project and agreed specifications.

Develop and run security testing framework.

Develop and run a secure configuration management framework.

Perform firewall rule base reviews and other secure configuration reviews.

Develop and Report security metrics on implementation projects.

Develop and Report metrics on Internal and External Cyber Posture.

Review Remote Access Privileges.

Manage Privileged Machine and Human Identities.

Experience in handling Cyber Security Incidents

Ensure the operations are running efficiently and within budget.

Ability to come up with innovative solutions to complex problems.

ESSENTIAL QUALIFICATIONS AND SKILLS:

Certification in CISM/CISSP or a similar level of Security certification.

7-10 years of experience as an Information Security Officer (or) in similar roles and project management experience to deliver, as stated in the client contracts.

Good Knowledge of various Endpoint, Network and System security controls.

Knowledge of Industrial OT systems, SCADA, IoT devices and the related OT frameworks like CISA Cybersecurity Best Practices for Industrial Control Systems, NCSC Cyber Security Design Principles, ISA/IEC 62443 Standards for Security of Industrial Automation and Control Systems, Purdue models are added advantage.

Good technical and trouble-shooting ability

Ability to work in a complex and large enterprise environment.

Ability to interact with staff, peers, and customers on a technical and professional level.

Experience of working in large enterprise Project teams with proven ability to work collaboratively with other departments to resolve complex issues with innovative solutions.

Experience in deploying large and complex security projects in an enterprise environment.

Should be hands-on and has the ability to work independently.

Will be a single point of contact for Information Security requirements for any implementation project.

Should liaise with various teams i.e., Petrofac IT & Cyber Security team, Petrofac Project team, and Client team and understand the various project requirements and deliverables required in each stage of the project.

Should report periodically on project health and security metrics of the project.

Perform the role of a trusted adviser to senior business and technology stakeholders and provide a broad knowledge of security strategies, policies, processes, architecture, and road maps to enable divisions/businesses to understand and meet security requirements.

Should work closely with the business and client, supporting to operate within the information security risk appetite.

Should track Cyber threats, Updates, and security issues.

Conducts periodical risk assessments of infrastructure and data - identifying potential vulnerabilities and exposures and implementing solutions to remediate.

Evaluate the effectiveness of existing security measures & monitors compliance with Information Security policies.

Maintain a risk register for Security Risk in any implementation project.

Implements the recommendations from independent assessments and audits.

Produces regular reports and analytics on internal and external cyber/ information security threats.

Provides advice on best practices and standards on security and risk in IT.

Ensure project Information Security SLA\xe2\x80\x99s metrics, and KPI are met.

#LIVV2

Additional Information

Petrofac