We are currently seeking an IT Risk & Compliance Analyst with prior oil and gas experience for a leading LNG company headquartered in Houston, TX.
The IT Risk & Compliance Analyst reports to the Network & Infrastructure Director. While the role carries many responsibilities, the primary focus is to validate that the security controls documented in the client's CyberSecurity Policy are correctly configured and protecting critical client assets from attack. If a deficiency exists, you will be expected to help facilitate remediation.
Daily activities will center around performing hands-on security control validation assessments and working with the appropriate team(s) to remediate any detected risks or misconfigurations in an expedited manner. Trust but verify is your mission. You will also manage the corporate security awareness/training and 3rd party risk assessment programs in conjunction with IT Security. You'll work with state-of-the-art compliance reporting, security awareness, and penetration testing technologies, using commercial and open source solutions. You will also receive significant training, both through daily hands-on activities and through SANS or other leading ICS and IT security and compliance training providers.
- Validating Critical Security Controls: Actively validate that current security controls, including critical patches, security settings and rules, are configured per the CyberSecurity Policy. This includes both reporting and hands-on validation.
- Validating Critical Security Event Logging: Actively validate that all current security and detective controls are logging accurate information to the appropriate client centralized logging solution. This also includes both reporting and hands-on validation.
- Security Policy Management: Manage all IT security and compliance policies with the direction of the IT leadership team. Ensure the client CyberSecurity and related policies are updated and communicated to the organization as new threats emerge or new security controls are deployed. Ensure that all new employees are familiar with security policies and procedures.
- Security Awareness & Training: Promote and manage the client's security awareness and training program. Plan and schedule monthly "Learn and Lunch" security events, quarterly security training and monthly targeted phishing campaign tests.
- IT Risk Assessments and IT Audits: Lead external IT audit and 3rd Party Risk Assessment requests. Participate in moderate to highly complex projects to deploy new solutions ensuring security controls and risk management are incorporated early in the design process.
- Understanding of Natural Gas/Liquefied Natural Gas/Natural Gas Liquids production, processing, distribution, business and marketing
- Plant-site experience
- Experience scripting with PowerShell, shell and Python