Reports To:
Manager, IT Security
Responsible For:
Enterprise Security Architecture, Risk Management, Security Strategy, Compliance, Identity and Access Management, Threat Modelling, Security Controls Design, Security Policies and Standards, Technology Evaluation, Incident Response Planning, OT/IT Convergence Security, Cloud Security, Vendor Management
Overall Purpose of Job:
The Asst. Mgr. Cybersecurity is responsible for designing, developing, and overseeing the implementation of the organization's overall security architecture, with a focus on the unique challenges of the Oil and Gas industry. This role requires a deep understanding of business goals, security requirements, and industry-specific technologies to create a robust security framework that protects the company's digital and physical assets, ensures compliance with regulations, and aligns with business objectives. The Asst. Mgr. Security Architect will work closely with various IT teams, business units, and leadership to integrate security measures across all systems, networks, and field locations.
Responsibilities:
Architecture and Strategy
- Develop and maintain a comprehensive enterprise security architecture that aligns with business objectives and addresses current and emerging threats in the Oil and Gas industry
- Create and update security reference architectures, patterns, and blueprints to guide the implementation of security controls across the organization, including cloud environments, ERP systems, SCADA networks, and remote field locations
- Lead the design and implementation of security controls across all IT and OT infrastructure layers
- Develop and maintain a security technology roadmap that supports the organization's long-term security goals and addresses the convergence of IT and OT systems
- Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, Cybercrime Act, NDPR, NIST, GDPR)
Risk Management and Incident Response
- Conduct regular risk assessments and threat modelling to identify vulnerabilities across IT and OT environments, and recommend mitigation strategies
- Lead security incident response planning and oversee major security incidents
- Ensure the effectiveness of disaster recovery and business continuity plans
- Oversee vulnerability management and penetration testing programs
Security Operations and Implementation
- Guide the implementation of security tools and technologies
- Oversee the security operations center (SOC) activities
- Ensure proper configuration and maintenance of security systems
- Monitor and analyze security metrics and key performance indicators
- Design and oversee the implementation of security controls for networks, systems, applications, and data, with a focus on protecting critical infrastructure and sensitive operational data
Compliance and Governance
- Develop, maintain, and enforce comprehensive security policies, standards, and guidelines that address both IT and OT environments
- Oversee internal and external security audits
- Manage security-related aspects of vendor relationships
- Collaborate with legal and compliance teams to address regulatory requirements specific to the energy sector
Leadership and Collaboration
- Assist the CISO in coordinating the work priorities of Security Administrators across all aspects of security operations
- Collaborate with IT, OT, and business leaders to ensure security is integrated into all aspects of operations
- Provide regular reports and presentations to executive leadership
- Develop and maintain relationships with key security vendors and partners
- Act as a subject matter expert for all security-related matters
Education and Awareness
- Drive security awareness and training programs across the organization
- Stay abreast of emerging security threats, technologies, and best practices specific to the energy sector
- Educate executive leadership on cybersecurity risks and mitigation strategies
- Promote a culture of security awareness within the organization
Continuous Improvement
- Regularly assess the effectiveness of security controls across IT and OT environments and recommend improvements
- Implement metrics to measure the effectiveness of security programs
- Lead initiatives to enhance security maturity across the organization
- Integrate emerging technologies and methodologies into the security framework
Key Performance Indicators:
- Level of compliance with industry security standards and regulations
- Effectiveness of security controls across IT and OT environments
- % reduction in security incidents within the financial year
- Uptime of key security systems (e.g., firewalls, SIEM, IDS/IPS)
- Quality and timeliness of security reports to executive leadership
- Successful completion of penetration tests and security audits with findings addressed within agreed timelines
- % of critical vulnerabilities remediated within defined SLAs
- Maturity level of the organization's security posture based on industry-standard frameworks
- Number of security awareness training sessions conducted and employee participation rate
Person Specification:
- Master’s degree in Computer Science, Information Security, or related field
- 10+ years of experience in IT security, with at least 5 years in a senior security role
- Deep understanding of security architectures, frameworks, and methodologies
- Strong knowledge of network security, application security, and cloud security
- Experience with ICS/SCADA security in industrial environments
- Strong leadership and project management skills
- Experience with risk management and compliance frameworks
- Excellent communication skills, able to articulate complex security concepts to both technical and non-technical audiences
- Strategic thinker with the ability to align security initiatives with business objectives
Required Competencies:
- Expert knowledge of cybersecurity principles, practices, and technologies
- Proficiency in security architecture frameworks (e.g., TOGAF)
- Strong understanding of IT governance frameworks (e.g., COBIT, ITIL)
- Expertise in security standards and regulations (e.g., ISO 27001, NDPR, NIST, GDPR)
- Advanced knowledge of network protocols, operating systems, and databases
- Familiarity with cloud security architectures and principles
- Strong project management and organizational skills
- Excellent problem-solving and analytical skills
- Ability to influence and collaborate with stakeholders at all levels
- Certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable
- Knowledge of Oil and Gas industry dynamics and specific security challenges