Sr. Manager- Information Security - HOU02SI at Worley

Summary:
To lead the strategy, design, implementation and continuous Development and improvement of Worley’s Enterprise Vulnerability Management Program, following a risk-based approach for remediation and risk mitigation.
 
Duties/Responsibilities:

• Lead Worley’s Enterprise Vulnerability Management Program (EVM)
• Supporting the Enterprise Vulnerability Management strategy for on-premises and cloud-based Worley assets
• Analysis of known and emerging threats to determine risks against Worley assets
• Assessment and audit of compliance against the security policies and standards as it relates to assets vulnerabilities
• Assurance that assets are effectively managed and maintained from a software level perspective (patched, remediated)
• Enforcement of enterprise-wide policies and procedures that cover the entire lifecycle of vulnerability management and device security configuration
• Engage with the rest of Worley’s Information Security organization on the state of Enterprise Vulnerability Management 
• Reporting and metrics
• Introduce Automation (scanning, remediation, etc.)
• Improve Worley’s EVM with risk-based remediation and prioritization 
• Supporting enterprise efforts to improve effectiveness and efficiency of EVM tools, process, and procedures
• Contributing to the development of the Device Domain Security Strategy
• Define tactical controls inclusive of O365, Windows 10 / 11, Sharepoint, Active Directory, and MAC OS environments based on vulnerabilities and attack vectors
• Oversee and lead validation of tactical controls implementation 
• Support organizational change management and communications
• Support Cyber Security Operations as necessary 
• Other functions assigned by the Global Director, Information Security
• Proven leadership, especially situational leadership, in managing within a complex environment
• Strong situational analysis, decision making abilities and relationship management with key stakeholders across the organization
• With support from People group design and implement an appropriate organisation to deliver Worley’s Cybersecurity and Risk strategies and programmes
• Recruit, on-board and develop personnel to build and sustain team capability and capacity to meet Worley’s needs with a focus on developing overall maturity of the function
• Lead and develop personnel and provide coaching and mentoring to encourage professional growth
• Strategic and tactical enterprise-wide view of the business knowledge of strategy, processes, and capabilities, enabling technologies, and governance
• Exceptional communication skills and the ability to communicate appropriately at all levels of the organization
• Collaborative mindset able to work effectively at all levels of an organization with the ability to influence others to move toward consensus

Job Specific Knowledge / Experience:

• BS degree in Computer Science, Cyber Security, or related field
• Cybersecurity certifications preferred.
• Information Technology certifications preferred
• Strong Cyber risk management, Cyber Security Operations, compliance, and commercial acumen with strong strategic and change management skills. 
• Significant experience in Vulnerability Management programs
• Significant experience managing endpoints and endpoint protection technologies 
• Significant experience defining, implementing, and managing security controls 
• Substantial tacit and explicit knowledge of the design and implementation of Worley’s strategy, as well as Worley’s Information Security strategy and vision
• Overall, 10 years of experience in Information Security and / or IT Operations 
• Experience in Oil and Gas industry a must
• Knowledge of the Australian Essential 8 controls 
• Managing and motivating virtual and global teams where some members may have dual roles
• Successful track record working in a multinational environment with 24/7 operation across different time zones
• Knowledge of Security architecture and frameworks including ISO27001, NIST, and ACSC Essential 8 strategy
• Line management of both in-house and outsourced providers
• Ability to keep abreast of trends and best practices and disseminate and implement such approaches across the organisation including current Cyber risk threat landscape
• Strong team leadership and development skills 
• Ability to collaborate across multiple teams and work well with others
• Strong written and presentation skills with the ability to critically synthesise technical concepts to material for C-suite and Board level consideration
• Strong ability to analyse material control weaknesses and recommend remedial measures efficiently and effectively 

HSE Capability:

• Assume hands-on management and implementation of all relevant HSE systems.
• Assure compliance of all HSE systems, processes and procedures through the training, competence and performance of all personnel (Worley and others)
• Achieve the objectives of the Life program through proactively implementing actions and/or corrective or mitigating actions, and by maintaining an overall knowledge and awareness of the work-place environment (operations, layout, hazards, risks, concurrent activities, personnel, etc.)
• Role-model a commitment to personal well-being and a pro-active approach to continuously improving health, safety and environmental performance.

IT Skills:

• Advanced user in MS Office applications and MS SharePoint 2013
• Knowledge of systems including Worley Management System, Corporate Assurance and Corporate Internal Audit systems
• Advanced knowledge of frameworks including NIST, Essential 8 and ISO27001