Security Strategy and Policy:
- Develop and maintain an organization-wide IT security strategy and policies.
- Ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, ISO 27001).
- Design and maintain a robust security architecture for the organization’s IT systems.
- Implement security controls, technologies, and solutions to protect against cyber threats.
- Develop and manage an incident response plan for addressing security incidents.
- Lead investigations and coordinate incident response efforts.
- Conduct security awareness training for employees to promote a culture of security.
- Ensure staff members understand and adhere to security policies.
- Identify and assess vulnerabilities in the organization’s systems and networks.
- Implement patch management processes and mitigate vulnerabilities.
- Deploy and manage security monitoring tools and systems.
- Monitor network traffic, logs, and alerts for suspicious activities.
Security Audits and Assessments:
- Conduct regular security audits and assessments to identify weaknesses.
- Collaborate with internal and external auditors.
Security Team Management:
- Lead, mentor, and manage a team of security professionals.
- Ensure team members are trained and equipped to handle security tasks.
Emerging Threats and Trends:
- Stay current with cybersecurity threats, trends, and technologies.
Experience and Qualifications Required:
- Bachelor’s degree in computer science, Information Security, or related field (IT Security Specialization preferred if any).
- Professional certifications such as CISSP, CISM, or CISA will be an advantage.
- 5+ years of experience in information security, with at least 2 years in a leadership role.
- Strong understanding of security frameworks, standards, and best practices.
- Knowledge of network and system security, cryptography, and security technologies.
- Excellent communication and leadership skills.
- Ability to work collaboratively with cross-functional teams.
- Strong analytical and problem-solving skills.
- Experience with security assessment tools and techniques.
- General knowledge of oil and gas business processes.