Description

• Develops, implements and monitors a strategic enterprise information security risk management program, inclusive of philosophies for presentation and mitigation of cybersecurity attacks such as ransomware attacks payments and cybersecurity insurance; and enhances the information security governance framework based on emerging vulnerabilities and threats, and assessed business risk
• Conduct regular security assessments and vulnerability testing of the company's computer systems, non-process and process control netowrks, and other digital assets to identify & assess potential risks and implement appropriate measures to reduce weaknesses that could be exploited by Cyber criminals
• Develop and implements Incident Response Plans to quickly identify and respond to security incidents in the non-process and process control networks as well as establishing procedures for incident reporting, investigation, containment and recovery.
• Work with stakeholders within and outside of the organization to ensure compliance with all relevant cybersecurity and privacy regulations and standards such as the National Institute of Standards & Technology (NIST), International Electrotechnical Commission (IEC) 62442, including raising the cybersecurity risk awareness and compliance levels in employees.

• Strong ability to design, manage and maintain a comprehensive company-wide strategic information security risk management framework and program
• Ability to analyze information technology security threats in real-time and work with senior leaders across the organization to mitigate these risks
• Ability to stay up to date with regulatory and industrial security standard and compliance requirements which are constantly evolving
• Proficient in the use of cybersecurity technology and the use of digital applications

• Role models the organisation's core values- spirit
• Strong analytical thinking for complex problem solving and deep understanding of company Information Technology (IT)/ Operational Technology (OT) infrastructure security systems and business processes
• Meticulous attention to detail to detect potential threats and implement measures correctly
• Excellent communication skills with the ability to effectively convey the import of cyber security risks and instill confidence to a variety of audiences including staff, Leadership and Board sub-committees
• Embodies a learner mindset- is future focused, curious, innovative, creative and embraces change

• A first degree in Computer Science, Information Technology, Electrical & Computer Engineering or Management Information Services from a recognised, accredited institution.
• A minimum of eight (8) years' direct work experience with IT/OT networking and telecommunication services, security systems, firewall and network access control, cloud computing systems and security, preferably in the Oil and Gas industry
• Strong working knowledge of computer networking, information security, data privacy, operating systems, and programming languages
• Recognized certification in Cybersecurity- e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM)
• Strong knowledge of regulations and standards for industry- e.g. National Institute of Standards and Technology (NIST), International Organisation for Standards (ISO), Control Objectives for Information and Related Technologies (COBIT).