Job Title: Cybersecurity Governance, Risk and Compliance Manager
Reporting To: Director of ISIT
Location: Houston, TX
ABOUT SEADRILL
Seadrill is one of the world’s most modern offshore integrated drilling companies. Using world-leading technology, we operate in 15 countries across 5 continents, employing some 4,000 people representing 65 nationalities.
Our vision is to Set the Standard in Drilling. It’s ambitious and we all play our part in achieving this.
We recognise that our people are key to helping us to achieve our vision, so we have fostered a culture that encourages, supports and celebrates diversity of thought. It fuels our innovation and connects us closer to our customers and the communities we operate in.
Help us to keep innovating, improving and maintaining the highest safety records and service delivery. In return we will provide support and development opportunities that help you unlock your full potential.
JOB SUMMARY
The Cybersecurity GRC Manager will be at the forefront of ensuring our organization's cybersecurity strategies align with regulatory requirements and industry best practices. Your primary responsibilities will include leading the development, implementation, and continuous refinement of our cybersecurity governance framework, risk management processes, and compliance activities.
As our Cybersecurity GRC Manager, you will be instrumental in identifying and assessing cybersecurity risks, developing robust policies and procedures, and ensuring compliance with relevant laws, contracts, regulations, and standards. You will work closely with various internal stakeholders, including IT, Internal Controls, Quality and Enterprise Risk, Legal, and Compliance teams, to integrate cybersecurity best practices into all aspects of our business.
Additionally, you will serve as the focal point for all cybersecurity-related audits, including SOX, ISM, internal audits, and others. In this capacity, you will coordinate audit activities, ensure readiness, manage responses to audit findings, and oversee the implementation of audit recommendations. Your role will be pivotal in maintaining transparency and accountability in our cybersecurity practices, ensuring they withstand the scrutiny of both internal and external audit processes.
Your expertise will not only safeguard our organization from digital threats but also foster a culture of cybersecurity awareness and compliance. Your strategic approach to risk management, combined with your ability to communicate complex cybersecurity concepts to diverse audiences, will play a vital role in strengthening our cybersecurity posture and supporting our overall business objectives.
JOB SPECIFIC RESPONSIBILITIES
Governance: implement clear guidelines, policies, and standards to ensure that IT systems and data are used and secured properly. Establish best practices and protocols to ensure that all IT activities align with Seadrill’s goals and objectives. Key activities:
- Directive Development: Ownership of creating and reviewing directives for OT and IT security.
- Ownership of Cyber Strategic Planning: Aligning IT security strategies with business objectives and ensuring adequate resources.
- Performance Measurement: Using metrics and KPIs to assess the effectiveness of cybersecurity measures, and KRIs to help to predict and monitor potential future risks.
- Risk Management Integration: Incorporating cybersecurity risk management into overall business risk strategies.
- Awareness, Training and Education: Educating employees about cybersecurity policies and best practices. Own the security awareness program and ensure the workforce is properly trained and educated. Measure the effectiveness of awareness, training, and education programs.
- Line Management responsibility of the Cyber Security team.
Risk Management: focus on identifying, assessing, and mitigating risks that could potentially harm Seadrill’s assets, reputation, or stakeholders. Understand the threats to IT infrastructure and data and take appropriate measures to reduce these risks to an acceptable level. Key activities:
- Risk Assessment: Identifying and evaluating risks associated with IT systems and data.
- Risk Mitigation Planning: Developing strategies to address identified risks, such as implementing security controls and presenting these strategies up to exco level.
- Continuous Monitoring: Regularly reviewing and updating risk assessments to address new threats.
Compliance: ensure that Seadrill adheres to laws, regulations, and standards relevant to its industry and operations. This includes adherence to regulations such as GDPR, LGPD, SOX, SEC Cyber Disclosure, etc. Key activities:
- Regulatory Compliance: Understanding and adhering to legal, contractual and regulatory requirements.
- Standards Compliance: Following industry standards.
- Audits and Assessments: Serve as the central contact for all cybersecurity-related audits at Seadrill. Cataloging all audits applicable to Seadrill, comprehending their specific requirements. Streamlining the processes for gathering audit evidence, aiming to efficiently meet auditor requirements. Proactively anticipating the needs and questions of auditors to facilitate smoother audit engagements. Exploring and evaluating a GRC tool to enhance future compliance tracking and management. Overseeing or assisting in the conduct of audits, both to verify adherence to internal policies and to ensure compliance with external regulations.
Cybersecurity Program Management: oversee the projects that form part of our program and ensure that all projects within the cybersecurity umbrella are effectively aligned, executed, and delivered. Key Activities:
- Project Coordination and Management: Oversee various cybersecurity projects, from inception to completion, following Seadrill Project Delivery Framework (PDF). Ensure that projects are completed on time, within scope, and budget.
- Stakeholder Communication: Act as the central point of communication for all cybersecurity projects. Regularly update stakeholders, including executive leadership and department heads, on project progress, risks, and milestones.
- Performance Tracking and Reporting: Monitor and report on the progress of cybersecurity projects.
SAFETY AT SEADRILL
Our goal is to ensure that ‘nobody gets hurt’ whilst performing their job. Everyone at Seadrill has a part to play in meeting our safety commitment.
Through strong leadership and personal responsibility from all employees, we take a systematic approach to identifying, managing and preventing the hazards involved in our day-to-day operations. Nothing is more important to us than the health, safety and security of our workforce and the communities in which we operate, and behaving responsibly towards our shared environment. We are vigilant, disciplined and always looking out for one another. We have developed and embedded a strong safety culture onshore and offshore, fostered by all employees, who each have a personal responsibility and the authority to put an immediate stop to the job if they believe it to be unsafe. Everyone at Seadrill is accountable for helping to build this culture of care.
SEADRILL BEHAVIORAL FRAMEWORK
In Seadrill, setting the standard is not just about what we deliver, but how we deliver it.
We co-created our Behavioral Framework with our employees, where we identified four key competencies that define our culture and help us to live our values. Our behaviors are embedded in the way we work and support and guide us day to day:
- Drive & Ownership
- Change & Forward Thinking
- Communication & Collaboration
- Service Delivery
KNOWLEDGE, SKILLS AND EXPERIENCE
- At least 5-7 years' experience in an information security role and a demonstrated clear understanding of security-related issues.
- Experience in security controls design and operation.
- Experience in conducting risk assessments.
- Knowledge of ISO27001/2.
- Knowledge of Sarbanes Oxley.
- Knowledge of Data Privacy.
- People management skills and willingness to develop a team.
Soft skills:
- Strong ownership of tasks and issues through to resolution (must demonstrate tenacity and persistence).
- Excellent communication skills, relationship building and interpersonal skills.
- Strong analytical skills.
- Able to multi-task and prioritize workload, with a strong capability to manage and deliver multiple engagements simultaneously.
- Self-motivated and able to work under own initiative, with the ability to work individually and as part of a team.
Desired Certifications
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CRISC – Certified in Risk and Information Systems Control
- ITIL Foundation or higher certification
EDUCATION AND QUALIFICATIONS
- Degree or equivalent experience in computer science, networking, engineering or another computer-related field (higher degree preferred).
- BSc or MSc degree in Information Security.
JOIN SEADRILL
We value our people and want to retain them, so we offer a competitive package built around an attractive base salary and a range of benefits tailored to your location.
Join Seadrill. Own the Opportunity.