Manage Noble's Cyber Security program activities and maintain key performance indicators. Continually evaluate appropriate metrics to report to the board and prepare the board report. Direct Cyber Security Analysts in the detection, investigation and mitigation of cyber security events. Focus efforts on preventing interruption of IT services due to security incidents. Establish and maintain strategic vendor relationships essential to continuously improving Noble's protect, detect, response and recovery activities for cyber programs. Develop and exercise CSIRT response plans. Develop training programs for business users that enhance cyber knowledge and improve Noble's security awareness.
* Bachelor's degree in field related to the management of computer information systems. Master's degree strongly preferred.
* Current certification in either Certified Information Systems Security Professional (CISSP) or Global Industrial Cyber Security Professional (GICSP).
* 5+ years of cyber security experience in a senior role.
* 5+ years of experience developing system life cycle management programs and policies as they relate to security.
* Industrial control cyber security experience preferred.
* Project management experience and skills, PMP certification is a plus.
* Excellent facilitation, verbal and written (formal and technical) communication skills with a good command of the English language. Ability to work effectively across and within diverse teams.
* Ability to effectively articulate and present complex concepts and ideas to senior business management and end users.
* Strong execution skills with the ability to work efficiently under pressure and deliver quality results within standards and deadlines.
* Strong customer service skills.
* Strong analytical and organizational skills with attention to detail.
* Experience using Microsoft Office Suite including PowerPoint, Excel, Word, Visio, Project and Outlook.
* Travel is an essential job function (est. 15%, domestic, international and offshore).
* Ability to work overtime and on-call as required.
Integrated Strategy - Cyber Security
* Assist in the development and execution of an integrated strategic cyber security strategy with accompanying human resource and technology investment models. The plan will incorporate eight cyber domains, including: 1) Security and Risk Management; 2) Asset Security; 3) Security Engineering; 4) Communications and Network Security; 5) Identity and Access Management; 6) Security Assessment and Testing; 7) Security Operations, and 8) Software Development Security.
* Maintain design and configuration documentation for Noble's cyber security environments.
* Responsible for security management program/life cycle and managing execution of same:
* Identification, programmatic alignment and fulfillment of recognized cyber standards/ methodologies, e.g. IEC62443, NIST, ISO 27000
* Definition, creation and distribution of threat intelligence reports
* Oversee and/or assist with internal processes, periodic cyber audits and assessments.
* HIPPA (Corporate) security oversight
* Hardware in Line (HIL) testing (Operational)
* CSIRT exercises
* Provide input, relative to current and anticipated projects, during the budgeting cycle. Assist with annual expense and capital budget requests as they relate to the security environment.
* Lead in the management of projects which deploy an integrated "defense-in-depth" strategy with supporting policies and procedures.
* Manage security projects including the following:
* Business case development
* Project plan (task level detail) development
* AFE development
* Request approval for projects to IT management
* Team resource allocation
* Status and closure reporting
* Clearly communicate technology issues, plans and solutions from both a business perspective and a technical perspective.
Subject Matter Expert
* Serve as an expert on securing Noble's corporate and operational cyber network and assets
* Serve as an expert on cyber security event analysis methodology
* Exercise sound business judgment when making decisions, and adhere to external and internal policies, regulations and professional standards (e.g. Administrative Policy Manual and Code of Conduct).
* Understand the organization's business processes, operational security processes, security platforms and infrastructure architecture, and participate in their development and architecture.
* Evaluate and establish policies for corporate and operational security implemented and maintained on Noble Drilling's fleet.
* Interface with vendors and Noble project teams to assure development integration with industry best practices.
* Manage cyber security staff to include all staff functions, training plan, goal setting and performance evaluations.
* Coach/mentor other IT staff, specifically staff within management area.
* Maintain positive relationships between IT and other Noble business units.
* Other duties as assigned.
Direct: Cyber Security Analysts