Information & Cybersecurity Advisor - VR/30721

An opportunity has arisen for an Information & Cybersecurity Advisor based in Aberdeen City Centre. This 100% office-based role can be undertaken on a permanent or contract basis. The position involves safeguarding information assets, ensuring compliance, and supporting IT security initiatives.

Overview

This multi-energy company is committed to a sustainable world with a forward-looking vision based on innovation, efficiency, respect, and value creation to drive progress in society. They are present across the entire value chain: exploration and production, transformation, development, and marketing of energy that is efficient, sustainable, and competitive for millions of people. With over 80 years of experience, they have been present in the entire oil and gas value chain in a sustainable and competitive way.

The Information & Cybersecurity Advisor is responsible for safeguarding information assets and ensures IT initiatives align with business objectives. Acting as a strategic partner, they develop and maintain a robust IT policy framework, manage the IT risk register, and identify emerging compliance requirements. By creating insightful KPIs, they track both IT service value and areas for improvement. The advisor collaborates with internal teams to deliver secure and compliant IT solutions, while also championing continuous improvement through effective communication and process reviews.

Duties and Responsibilities

• Developing and maintaining an integrated and business-aligned IT policy framework, streamlining policy documentation and removing redundancies when necessary.
• Developing and maintaining the IT risk register, coordinating IT risk assessments and monitoring mitigation progress.
• Identifying emerging IT regulatory compliance obligations and ensuring visibility and awareness within relevant IT teams.
• Developing insightful IT KPI criteria to track both service value and areas for further improvement.
• Leveraging partnerships with the central team to gain expertise and implement in the ways of working for the team.
• Being a strategic partner for the UK business following the philosophy and new standard of working.
• Collaborating with the Information & Cybersecurity Lead to ensure IT services are implemented compliantly, mitigating risks and delivering high-quality solutions.
• Providing expert advice on delivering robust and secure IT services and projects that meet both business needs and internal/regulatory compliance requirements.
• Identifying, assessing, and advising on security gaps, recommending and planning security improvements.
• Providing technical expertise on operational security tools (data loss prevention, third party supplier risk assessments, incident response, etc.).
• Supporting the implementation of improvements for key security tools and processes (SIEM, Endpoint Security, DLP, etc.).
• Facilitating the identification and assessment of Cybersecurity related risks.
• Overseeing internal testing processes of IT controls and collaborate with stakeholders to address identified deficiencies.
• Coordinating the delivery of external legal and security-related information.
• Participating in periodic reviews of IT projects and initiative delivery lifecycles to ensure process compliance and recommend improvement actions.
• Firmly understanding the threat of Cyber Attacks in IT and OT environments.

Skills, Qualifications and Experience

• Extensive, proven experience of IT in offshore oil and gas industry, preferably in a service delivery role.
• Experience in IT Project Management.
• Experience of working on a variety of cybersecurity incidents is preferred.
• Possesses good interpersonal skills and demonstrative customer focused experience.
• Experience in cybersecurity projects involving risk analysis, vulnerability assessments and network security.
• Foundation knowledge in Information Technology Infrastructure Library (ITIL) is preferred.
• Possesses ability to work independently and unsupervised defining appropriate priorities and working to deadline.
• The role may require travelling offshore for certain business requirements.

Educational Qualification and Certifications

• Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or related field.
• Certified Information System Auditor (CISA) and Global Information Assurance Certification (GIAC) are amongst the preferred certifications.