Join a leading global energy company as a Global IS Governance Lead. The successful candidate will drive IT/OT Governance, ensuring strategic alignment, regulatory compliance, and process improvements. This key role supports risk management, policy development, and audits while collaborating across teams to enhance operational resilience.
The company has grown to become one of the world’s largest independent oil and gas companies with significant production in Norway, the UK, Germany, Argentina and North Africa. With low emissions intensity and a leading CO2 storage position in Europe, the organisation remains committed to producing oil and gas safely and responsibly to help meet the world’s energy needs. Theirs is an inclusive workplace where individuals can bring their whole selves to their job and feel recognised for the value they add. They are committed to creating a genuinely inclusive and supportive working environment to ensure everyone has a positive experience at work.
Purpose of Role
- The Global Information Systems (IS) and Operational Technology (OT) Governance Lead shall manage and drive Governance to improve IS and OT processes and operations by supporting a programme of internal audits and external maturity assessments against adopted standards.
- Governance Framework Development: Leading the development, implementation, and maintenance of an effective Global IT and OT Governance framework aligned with organisational goals and objectives.
- Policy and Procedure Development: Maintaining IT and OT Governance policies, procedures, and guidelines to govern IT and OT decision-making.
- Strategic Alignment: Collaborating with senior management and Business Leaders to ensure that IT and OT strategies, initiatives, and investments are aligned with business objectives and priorities.
- Performance Monitoring: Establishing key performance indicators (KPIs) and metrics to monitor and track the effectiveness of IT and OT Governance processes.
- Reporting: Preparing regular reports on IT and OT Governance performance and outcomes for management and stakeholders.
- Stakeholder Engagement: Establishing and maintaining effective communication and collaboration with stakeholders, including IT and OT teams, business units, senior management, and external partners, to promote understanding and support for IT and OT Governance initiatives and objectives.
Critical Responsibilities
- Ensuring that all activities are carried out in a safe manner complying with all regulatory requirements, legislation and HSES procedures.
Ethics and Compliance Responsibilities:
- Ensuring that all activities and behaviours are carried out in accordance with the Ethics and Compliance Policies and Procedures, and to complete any compulsory compliance training as required.
Areas of Accountability, Responsibility and Competence
- Working with the VP of Global IS Security and the Senior Manager of Risk and Compliance to support IS in delivering IT/OT Governance activities.
- Providing direction and leadership for the IT/OT Governance function.
- Developing and executing the Governance strategies in alignment with the overall long-term corporate strategy to improve efficiency and effectiveness.
- Partnering with the Risk and Compliance Lead to identify, assess, and prioritise IT risks and ensure that Governance practices effectively address these risks.
- Operating as the Subject Matter Expert/Primary Point of Contact for Governance-related activities, providing guidance and education as required.
- Collaborating with the Cyber Manager to develop Governance frameworks for incident response, ensuring IT policies support quick recovery and mitigation strategies.
- Leading pre-emptive activities to support Governance improvements while providing continuous input for process improvements.
- Ensuring timely and accurate reporting for senior management and key stakeholders to support decision-making.
- Ensuring that Governance documentation is maintained and readily available for audits, working closely with the Risk and Compliance Team to facilitate thorough reviews.
- Ensuring that the audit tests, maturity assessments, self-certifications, and reviews are relevant, consistent, and conducted following professionally accepted auditing standards.
- Managing the development of policies and processes which align with core business functions.
- Using professional knowledge and experience to set departmental goals which align with the overall function strategy.
- Monitoring the progress of critical in-house programs and ensuring regulatory compliance.
- Working with colleagues in International Business Units (IBUs) to ensure Governance, standards and compliance are aligned and support international IS functions where required.
- May be required to provide out-of-hours support via an on-call rota.
Critical Skills
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk-related concepts to technical and non-technical audiences at various hierarchical levels.
- Experience in managing a team.
- Expert-level knowledge of Operational Technology.
- Significant experience in implementing, managing, reviewing, and improving internal controls for Governance, compliance, IT and OT audits, or assurance and risk management programmes.
- Proven track record of performing internal or external audits (financial/operational/IT and OT) in accordance with relevant professional standards.
- Expert level understanding of designing, implementing and operating IT and OT Control Frameworks.
- Leads on complex assignments that require expertise and develops innovative GRC technical solutions.
- Provide expert-level technical support and monitor and improve processes and interventions for the GRC assurance programme.
- Validates operational GRC plans and oversees regulatory compliance and assurance.
- Proven track record and experience in developing policies and procedures and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Demonstrated ability to work with and report to a Governance board (i.e., Risk, audit committee or similar).
- ITIL, CISA, CISM or equivalent preferred.
- Highly proficient in audit methodologies, mainly but not limited to those applicable in IT and OT environments.
- BSc or equivalent experience or qualification in Computer Science or equivalent IT and OT work experience.
- Understanding of regulatory requirements, including cross-industry regulations (e.g., NIST2, OG86M, GDPR, Data Protection Act) and industry-specific regulations.
- Highly skilled in designing and implementing compliance and control frameworks.
- Proficient in IT and OT Governance and quality standards.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST(2), including 800-53 and Cybersecurity Framework.
- Excellent stakeholder management skills.
- High level of personal integrity and the ability to professionally handle confidential matters and show appropriate judgment and maturity.
- Ability to work cross-functionally with relevant functions – e.g., group risk and group audit – to ensure standards are appropriately reflected in IS and OT-specific domains.