Cybersecurity Lead
Indexed description
The role operates within a lean technology organization and works closely with Technology Operations, Digital & Technology Innovation, and Technical Project Management teams to embed cybersecurity controls into day‑to‑day operations and project delivery.
Key Accountabilities
Cybersecurity Strategy & Governance
- Define the organization information and cybersecurity strategy together with the Digital and Technology innovation team. And execute the strategy in alignment with operational reliability, safety, and business objectives.
- Establish and maintain cybersecurity policies, standards, and procedures aligned with global best practices and regulatory expectations.
- Ensure security considerations are integrated into infrastructure, cloud, business applications, and digital transformation initiatives.
- Lead enterprise cybersecurity risk management activities, including identification, assessment, mitigation, and reporting of cyber risks.
- Maintain the cybersecurity and IT risk register and support integration with broader enterprise risk management processes.
- Ensure compliance with applicable regulatory requirements, contractual obligations, and data protection standards relevant to the oil and gas operating environment.
- Coordinate and support internal and external audits, risk assessments, and assurance activities.
- Provide oversight and service assurance for outsourced Security Operations Centre (SOC) services.
- Lead and coordinate cybersecurity incident response activities, including investigation, containment, remediation, and post‑incident reviews.
- Ensure incident response plans, escalation procedures, and communication protocols are defined, tested, and operationally practical.
- Oversee vulnerability management and penetration testing programs delivered by third‑party providers.
- Work with Technology Operations teams to ensure timely remediation of identified vulnerabilities, prioritised based on operational and business risk.
- Monitor emerging cyber threats and industry‑relevant attack patterns and translate insights into practical control improvements.
- Identity, Access & Architecture Security
- Oversee Identity and Access Management (IAM) controls, including privileged access management and user lifecycle processes.
- Promote least‑privilege access, segregation of duties, and zero‑trust principles across enterprise IT and digital platforms.
- Provide security input into system architecture, solution designs, and technology standards.
- Third‑Party & Supply Chain Security
- Assess and manage cybersecurity risks associated with vendors, service providers, and technology partners.
- Ensure appropriate security controls and requirements are embedded within contracts and service agreements.
- Security Awareness & Capability Development
- Deliver security awareness and targeted training programs to improve cyber hygiene across the organization.
- Provide guidance and coaching to technology and digital delivery teams on secure practices.
- Line‑manage and mentor a Cybersecurity Analyst to build internal security capability.
- Reporting & Stakeholder Engagement
- Report cybersecurity risks, incidents, and overall security posture directly to the CTO.
- Provide clear, practical cybersecurity insights to technology leadership and business stakeholders.
- Act as the primary cybersecurity point of contact across the organization.
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related discipline.
- 5-8 years' experience in cybersecurity, information security, or IT GRC roles within enterprise environments.
- Practical experience with cybersecurity governance frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework, or similar.
- Proven experience conducting cybersecurity risk assessments, audits, and compliance activities.
- Familiarity with security operations concepts, incident response, vulnerability management, and third‑party security oversight.
- Experience working in regulated or asset‑intensive industries (e.g., oil & gas, energy, utilities, or heavy industry) is an advantage.
- Relevant professional certifications (or working towards them) such as ISO 27001, CISSP, CISM, or CRISC are desirable.
- Strong understanding of both technical cybersecurity controls and IT governance, risk, and compliance.
- Practical, risk‑based approach suited to operational environments where availability, safety, and business continuity are critical
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search