Cyber Security Analyst - Houston, TX - Noble Drilling
Assist with the implementation of a security and technology framework to ensure that cyber asset security standards are met. Work closely with internal and external stakeholders to help build and maintain an effective security program focused on protecting the confidentiality, integrity, and availability of Noble’s cyber assets, and to mitigate risk. Serve as a contributor providing operational support for risk management, regulatory compliance, and policy implementation.
• Bachelor's degree in Computer Engineering, Computer Science, or other IT related discipline.
• At least 3 years of cyber security experience required. Industrial control systems experience desired.
• In-depth knowledge of data protection strategies, cyber networks and system vulnerabilities.
• Ability to assess risks and form mitigation alternatives in defining compensating controls.
• Experience or knowledge in conducting cyber security vulnerability assessments and remediation activities.
• Field engineering experience is a plus.
• IT auditing, network and systems engineering experience is a plus.
• Information security certifications such as CISSP, GISCP, CISA, or SANS GIAC required.
• Experience supporting compliance mandates and frameworks such as ISO, NERC CIP, NIST, DEP, APC (Achilles Practice Certification). Direct experience with IEC 62443-2-4 standard is strongly desired.
• A problem solver and team player. Requires business insight, technical acuity, and the ability to think, communicate and write at various levels of abstraction.
• Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
• Travel is an essential job function (est. 50% domestic, international and offshore).
• Travel via helicopter and/or boat will be required for offshore installation trips
• Ability to work overtime and on-call as required.
ESSENTIAL FUNCTIONS• Support ongoing development of Noble Cyber Security program.
• Participate in the execution of security projects including adaption of suggested best practices to the reality of field environments, task level plan development, and identification of risks and possible remediation actions.
• Manage project tasks effectively to assure timely and successful completion of projects with a high degree of customer satisfaction.
• Responsible for delivery of the Security Education and Training Program both onshore and offshore.
• Conduct risk assessments, MOC reviews, testing, implementation of policy and procedures, operational maintenance, solution deployments, and system integration implementations on Noble's offshore assets.
• Serve as subject matter expert on Noble’s Cyber Security Policy.
• Support deployment and integration of security controls.
• Supports audits and assessments for rig certification programs.
• Participate in the creation of rig certification program deliverables.
• Participate in efforts for ensuring rig certification artifacts and deliverables including fleet wide re-certifications are met.
• Conduct manual and automated security testing and support stakeholders in remediation activities.
• Support compliance with IEC 62443-2, operational and corporate security best practices, regulatory standards, as well as development of security risk management and security program implementation processes.
• Interface with rig management and operations leadership fleet wide.
• Support the cyber security team in technical implementation of POCs, testing and R&D.
• Participate in on site containment, remediation, and restoration efforts during cyber security incidents.
• Participate in the maintenance of Noble’s operational cyber asset inventory.
• Assist in the development of the strategic roadmap to promote security team operations goals.
• Assist in the implementation of a continuous improvement process approach for the Noble cyber security team.
• Participate in business continuity / disaster recovery activities as needed.
• Foster positive working relationships among IT teams.
• Participate in on call rotation.
• Adhere to professional standards and Noble’s Administrative Policy Manual.
• Other duties as assigned.