Digital Security Risk Management Consultant - Sunbury
My client, a high profile oil & gas company, is looking for a Digital Security Risk Management Consultant to join their team in Sunbury.
Contract Description:
This role is primarily accountable for conducting digital security risk assessments for assets, suppliers and projects on behalf of the Upstream CISO. A digital security risk assessment involves the identification of existing or potential security risks, the development of pragmatic controls or mitigations for those risks, the explanation of those risks and controls to the appropriate business person in order that a risk decision can be made and the tracking of identified risks to ensure an understanding of the residual risk position.
Responsibilities:
· Work with project resources and other Risk Management Consultants to interpret the Digital Security Operating Practices and other security policies to develop practical solutions to mandatory security control objectives and any specific business security requirements.
· Work with Upstream IT projects to execute the Digital Security Lifecycle process to identify and manage digital security risks.
· Carry out security reviews of critical assets and suppliers that support the business activities.
· Contribute to the effective operation of common processes and solutions owned by Digital Security including the Digital Security Lifecycle and the development of training materials.
Deliverables:
1. Ensuring projects meet their Digital Security accountability
· Work with projects to identify and assess areas of likely risk recommending appropriate solutions to mitigate risks.
· Follow up with the project team on areas of likely risk for appropriate prioritization and management of those risks.
· Ensuring that the Digital Security Lifecycle is followed and appropriate records are maintained.
2. Critical Asset Security Compliance Reviews
· As required and instructed by manager contribute to critical asset security reviews.
3. Contribution to Solutions, Standards, Knowledgebase and Training
· As required as instructed by manager, contribute to solutions, standards and training.
· Evidence of solutions or innovative new ways of scaling activity will be highly regarded.
4. Compliance with local Digital Security initiatives
Experience & Knowledge:
· An externally recognised Information Security accreditation e.g. CISSP, IISP, CISM
· Experience in information technology within an oil & gas company or another larger organisation in a role which incorporated aspects of information security.
· Experience of a formal / structured IT security risk assessment methodology.
· Deep knowledge of current and emerging information security vulnerabilities and mitigations ranging across the technologies required for securing data centres, global networks and 3rd party access to applications and resources.
· Deep knowledge of TCP/IP Networks, web technologies and applications.
· The ability to describe technical risks and controls to a non-technical audience.
· Knowledge of Process Control Systems and / or SCADA is desirable.
· Knowledge of SAP systems and / or SAP security is desirable.
This is a fantastic opportunity, please respond for more details.![]()
My client, a high profile oil & gas company, is looking for a Digital Security Risk Management Consultant to join their team in Sunbury.
Contract Description:
This role is primarily accountable for conducting digital security risk assessments for assets, suppliers and projects on behalf of the Upstream CISO. A digital security risk assessment involves the identification of existing or potential security risks, the development of pragmatic controls or mitigations for those risks, the explanation of those risks and controls to the appropriate business person in order that a risk decision can be made and the tracking of identified risks to ensure an understanding of the residual risk position.
Responsibilities:
· Work with project resources and other Risk Management Consultants to interpret the Digital Security Operating Practices and other security policies to develop practical solutions to mandatory security control objectives and any specific business security requirements.
· Work with Upstream IT projects to execute the Digital Security Lifecycle process to identify and manage digital security risks.
· Carry out security reviews of critical assets and suppliers that support the business activities.
· Contribute to the effective operation of common processes and solutions owned by Digital Security including the Digital Security Lifecycle and the development of training materials.
Deliverables:
1. Ensuring projects meet their Digital Security accountability
· Work with projects to identify and assess areas of likely risk recommending appropriate solutions to mitigate risks.
· Follow up with the project team on areas of likely risk for appropriate prioritization and management of those risks.
· Ensuring that the Digital Security Lifecycle is followed and appropriate records are maintained.
2. Critical Asset Security Compliance Reviews
· As required and instructed by manager contribute to critical asset security reviews.
3. Contribution to Solutions, Standards, Knowledgebase and Training
· As required as instructed by manager, contribute to solutions, standards and training.
· Evidence of solutions or innovative new ways of scaling activity will be highly regarded.
4. Compliance with local Digital Security initiatives
Experience & Knowledge:
· An externally recognised Information Security accreditation e.g. CISSP, IISP, CISM
· Experience in information technology within an oil & gas company or another larger organisation in a role which incorporated aspects of information security.
· Experience of a formal / structured IT security risk assessment methodology.
· Deep knowledge of current and emerging information security vulnerabilities and mitigations ranging across the technologies required for securing data centres, global networks and 3rd party access to applications and resources.
· Deep knowledge of TCP/IP Networks, web technologies and applications.
· The ability to describe technical risks and controls to a non-technical audience.
· Knowledge of Process Control Systems and / or SCADA is desirable.
· Knowledge of SAP systems and / or SAP security is desirable.
This is a fantastic opportunity, please respond for more details.