Information Security Professional

General Description of the Role?

Part of Aker BP’s vision is to have a Information Security operations team capability that will contribute to the company’s overall security and safety, by keeping Aker BP one step ahead of security threats, both now and in the future. This is part of Aker BP’s Cyber security strategy, which is to establish a world-class Cyber- and Information Security operations capability at the company.? Developing this capability requires a holistic approach, addressing organizational, process and technology aspects of Cyber- and Information risk management, in close cooperation with Aker BP’s own experts and those of its partners and suppliers.?

?

We are looking for an Information Security Professional with expertise in operation and improvement of Cyber- and Information Security services. You will form part of an innovative and motivated Security team responsible for operation of a range of security services across Aker BP’s business and technology estate, which includes IT, Operational Technology (OT) and IoT-technologies. For the right candidate the position will also be considered for Stavanger or Trondheim. Some travel must be expected.

Qualifications & Experience?

• Education - min bachelor degree in the relevant field of studies
• Five or more years experience within Cyber- and Information security?

• Experience with the operation of managed security services, including incident management, ideally including experience working directly with service providers?

• In addition to incident management, experience with the operation and continual improvement of one or more of the following: SIEM, Security Device Management, Vulnerability Management, Endpoint Detection & Response, Advanced Security Analytics (including endpoint and user behaviour analysis) ?

• Industry experience within Oil & Gas or other sector that uses OT, e.g. Energy, Chemical, Industrial, Manufacturing ?

• Knowledge of ISMS & relevant standards (e.g. ISO 27001/2). Knowledge of CIS-controls is an advantage?

• Experience from working with OT and relevant standards (e.g. IEC 62443) is an advantage?

• Experience with agile methods, such as DevOps/DevSecOps is an advantage 

Main Responsibilities?

• Support the design and execution of pilots for implementation of new managed security services?

• Manage the operation of managed security services (including organizational, process and technology aspects) in close cooperation and collaboration with the company’s MSSP?

• Manage the phased rollout of implemented services across the business, based on a threat and risk assessment approach?

• Maintain an up-to-date status of security posture, including maintenance of the security operations dashboard?

• Manage the change pipeline for managed security services, ensuring successful handover and integration of new services into security operations?

• Responsible for reporting security operations status and trends to the CISO

• Respond to and oversee the management of cyber security incidents?

• Assess identified security vulnerabilities and provide input to their remediation & mitigation

Personal Attributes?

Aker BP places importance on candidates who are:?

• Curious (enquiring)?

• Responsible?

• Predictable?

• Committed?

• Respectful