Information Security Manager

Staff / Contractor 

Staff

Reports functionally to

CFO

Reports operationally to

Head of Information Services

Roles that report to this position

N/A

Onshore / Offshore

Onshore

Base Location 

Aberdeen

Emergency Response Team Role

N/A

Job summary

Manage, lead and deliver Dana Petroleum’s Cyber Security Plan and drive the continuous improvement of Dana’s Cyber Security Defences.

Roles and responsibilities

This role has the following responsibilities and outputs

  • Technical Authority/Lead for the design, selection, planning and configuration of appropriate information security controls across the organisation
  • Develop and continuously improve the overall information security posture across the organisation; monitoring and recognising emerging threats and vulnerabilities to the organisation, mitigating potential digital security risks in order to ensure the integrity, confidentiality and availability of the company’s information assets
  • Monitoring for and Responding to Information Security Incidents
    • Review and monitoring of information security systems for incidents
    • Initial investigation and documentation of security incidents
  • Information Security Requests
    • Responding to requests for advice/assistance with information security activities such as hosted service site reviews
  • Reputation Management
    • Work closely with selected service provider (i.e. Brandprotect)
    • Forwarding instances and following up on action taken
    • Monitoring the online portal for alerts of potential reputation/brand infringements
  • Produce information security metrics and reports
  • Monitoring for security events and establishing security intelligence and baseline
  • Lead risk assessments
  • Lead the development/maintenance of security standards and procedures
  • Perform security testing/auditing on IT systems
  • Manage the vulnerability scanning program and perform continuous vulnerability scanning/monitoring and generate reports
  • Audit system configurations and provide guidance and assistance on hardening standards
  • Assist in identifying security requirements and solution assessment

Whilst

  • Maintaining the information security framework; based on industry regulations/best practices such as GDPR, NIS, NIST cyber security framework, ISO/IEC 27000 series, etc.
  • Maintain awareness of relevant legal, statutory, regulatory and contractual obligations, as they relate to information security, across the group.
  • Providing guidance and assistance on information security to all personnel across the organisation, raising awareness of the published security policies, standards and guidelines; identify user training requirements where appropriate
  • Liaise with external service support organisations as required
  • Contributing to the development of and ensure compliance with defined standards, policies and processes
  • Adhering to the IS Change Management process, ensuring that changes affecting our business are communicated effectively; liaising with IS colleagues to successfully plan and execute changes

HSEQ Responsibilities

Everyone working for or on behalf of Dana Petroleum has the following responsibilities with regard to his or her work to:

  • Familiarise with the Dana Policies, including the policies on HSE, Risk Management and Major Hazards;
  • Familiarise with the One Dana Management System and its meaning for day-to-day work;
  • Familiarise with the work and be aware of all associated risks for People, the Environment, Assets and Reputation (PEAR);
  • Report any incident, near miss, hazards (unsafe acts/situations) and improvement suggestions;
  • Know their roles and responsibilities;
  • Actively participate in any job or HSEQ training or instruction by or on behalf of Dana Petroleum;
  • Use all provided means as intended and according to their purpose.

Job specific skills and knowledge

  • Solid experience in an information security role  
  • HND/Degree qualifications are favourable; however, professional technical/security accreditations from recognised industry bodies are preferred

Core Competencies:

  • Previous demonstrable experience of performing a similar information security role in a prominent sector organisation or agency
  • Diligent and security conscious with the ability to weigh up the threats, vulnerabilities and risks to the organisation and implement appropriate solutions or measures that do not impact the continued operation of the Business
  • A methodical and structured approach to problem solving, selecting and effectively utilising appropriate methods, procedures, tools, equipment and standards, to meet all targets set
  • Ability to identify gaps in the available information required to understand a problem or situation, and devise a means of remedying such gaps 
  • Capable of working across organisational boundaries and with multiple cultures – team player
  • Proactive, adaptable, taking action and anticipating opportunities
  • Maintains knowledge of relevant current and emerging technologies through literature, conferences / seminars, and professional networking with other leading practitioners and professional bodies

Technical Competencies:

  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Security+

General capabilities:

  • Oil industry experience is favourable
  • Information Security Systems experience
  • Project and People management skills
  • Auditing skills and experience
  • Effective leadership skills including the ability to influence and negotiate
  • Effective and professional communication skills
  • Knowledge of regulations such as GDPR is favourable

Email CV with cover letter to: recrutiment@dana-petroleum.com.
Subject - Information Security Manager