Job Description

Primary Purpose of the Job:

Governance and execution of the Information Security Management System (ISMS) including developing

policies,standards and procedures required for the corporate information security in both an Information

technology (IT) and Operational Technology (OT) capacity.

Define required information security policies, standards and procedures related to their areas of operation as well as

raising awareness of those polices, standards and procedures.

Ensure adequate an effective IT controls exist to meet applicable current and future security compliance requirements.

Conduct compliance and operational maturity assessments to ensure optimal operation of the information and

operational technology environments under the guidelines of the ISMS.

Develop reporting Metrics, dashboards and evidences of compliance activities.

Coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments, due

diligence review and security requirements definition. Maintain third-party assessment documentation.

Stay updated on the latest security trends, emerging threats and best practices to continuously improve the overall

security posture.

Coordinate and align activities between Information Security and Business Continuity, and liaise within IT Department

to ensure business continuity and disaster recovery plans are in place, tested, and report regularly.

Carry out other Security related activities as assigned by team Lead.


Required Experience and Skills:

10+ years of relevant professional experience.

Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas. Experience with and understanding of customized information security management systems. Experience in defining Governance, Risk, and Compliance (GRC) processes and leveraging industry-standard GRC

tools and products.

Knowledge of information security capabilities and requirements analysis. Knowledge of relevant state laws, industry regulations, and security standards. Excellent written, verbal and presentation communication skills.
Educational Qualifications:

Bachelor degree in information security, computer science, or engineering.

Professional certifications in information security management and standards compliance (e.g., CISSP, CISM,

CRISC, GIAC, ISO27001, etc.) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework).