IT Security and Compliance Manager - London

All - IT
Ref: 879 Date Posted: Wednesday 10 Jul 2019

Job title

IT Security and Compliance Manager

Reports to

Head of IT, INEOS Oil & Gas

Location        

London, UK

INEOS Oil & Gas (IOG) is the biggest privately owned exploration and production business operating in North West Europe. IOG employs across 13 producing assets located in Norway, Denmark and the United Kingdom. At the heart of the INEOS approach is our commitment to the principles of responsible care. These are central to the INEOS way of working and put into practice every day across our businesses.

We are looking for an IT Security and Compliance Manager to join the team to be responsible for the end to end security of all IT systems and data across the IOG business ensuring any risk is reduced and mitigated. The role will cover multiple countries which operate in a federated model, therefore liaison with country based IT Managers and teams is essential.  

Responsibilities and Accountabilities

        Security leadership

  • Be the point person and expert for information and cyber security architecture, engineering and operations and pro-actively provide leadership and guidance to IOG and business functions

  • Be the recognised focal point for Information Security in conjunction with HR and IT across the enterprise. Apply a pragmatic and “security by design” approach to all aspects of the role, ensuring that security is an enabler to the business

        Security strategy, policy and oversight

  • Develop an IT security strategy, design principles and policies based on the Enterprise IT Security Strategy. Ensure that security policy and security standards are implemented and adhered to, and that exceptions are managed under governance

  • Provide subject matter expertise into development of policies and standards as required

        Security monitoring and incident management

  • Develop and maintain proactive internal and external security monitoring, taking action appropriate to risk

  • Lead the response to IT security incidents, crisis and security problem resolution, including IT security aspects of business continuity testing

        Security design and implementation

  • Oversee the design, testing and deployment of security aspects of IT changes to ensure relevant standards are met

        Threat intelligence and trends

  • Stay abreast of current and future security risks and adapt mitigations and controls accordingly

        Penetration testing and 3rd party oversight

  • Maintain and conduct regular penetration testing schedules for internal and key third party IT partners

  • Work with relevant stakeholders to identify requirements and resolve issues in a timely manner

  • Lead the oversight and assurance of 3rd party security controls and implementation of security and provide strong challenge where needed

        Security Awareness and Training

  • Report regularly on the IOG security profile highlighting any exposures and establish key reporting metrics

  • Implement local security awareness and training initiatives in line with the Group’s awareness and training plans

        Relationship Management

  • Establish and maintain effective relationships and governance arrangements with senior stakeholders

  • Provide effective independent escalation and reporting of any security issues, risks and deficiencies to business management, IT teams and INEOS Group

  • Actively participate in the INEOS Global Security Team

Qualifications, knowledge and skills

  • Must have previous experience managing IT and Information Security and be able to demonstrate delivery of IT security solutions across an enterprise

  • Experience of IT Information Security in the oil and gas industry is preferred

  • Good understanding of network security, cloud architecture, solution infrastructure, application security and vulnerability management, ideally in a Microsoft environment.

  • In depth knowledge and practical application of security architecture development, security threat technical analysis, security solutions evaluation and selection, security solutions engineering including front-line security operations and architectural security controls; application, infrastructure, network & database

  • Understands and ensures compliance with recognised formal standards for IT control and Security Management Systems including ISO27001, COBIT, COSO, ITIL and NIST Cyber Security Framework

  • In depth understanding of trends in security threats, analysis of major publicised incidents and IT trends as they relate to security threats is essential

  • Detailed understanding of the implementation and operation of key security technologies including anti-malware (simple and advanced), network perimeter and firewall, monitoring, encryption, intrusion detection, behavioural analysis, information protection, authentication, identity management, security testing and cloud security

  • Able to demonstrate a structured approach to penetration testing, incident and crisis management. Experience of contributing to major security incident management is also desirable

  • Good working knowledge of Active Directory, Citrix, VMware, Cloud platforms, Azure and access control

  • Ability to work well with 3rd parties and outsourced providers including cloud services

  • Experience with systems design and development from analysis of business requirements through to the day to day management

  • Proven ability to build successful working relationships and work well in a team

 

Please upload your CV and apply