IT/OT Security Manager

Noble Corporation is seeking an experienced IT/OT Security Manager to oversee and manage the cybersecu-rity program which includes vulnerability management, SOC, and Operation technology manage services program. This role will ensure all identified vulnerabilities are tracked, reported, and remediated in a timely manner within the Security Operations team.
Ensuring the SOC is operating as expected to ensure security and compliance as expected.
Interpret and execute security policies and procedures to safeguard company in-formation and assets within our Security Operations team, its related supported applications and Infrastructure.
Ensuring all identified vulnerabilities are tracked, reported, and remediated in a timely manner within the Security Operations team.

Responsibilities:

• Respond to customer due diligence requests by providing accurate and timely information regarding our Security Operations team and its supported applications.
• Collaborate with other members of the operations/infrastructure teams to identify and address any vulnerabilities or threats within for the supported application using tools such as Rapid 7, Crowdstrike, and Power BI.
• Monitor security alerts and participate in security incidents and breaches within our Security Operations team and its related systems, including enterprise systems and cloud providers.
• Communicate effectively with stakeholders and provide regular reports on the status of the vulnerability program and compliance audits within our Security Operations team for the supported applications.
• Participate in a yearly NIST and maturity assessment and provide evidence to ensure readiness for IT teams assigned controls.
• Track and remediate technical debt in the support organization.
• Support security and compliance of platforms, applications, and services.
• Provide guidance and co-ordination for our policies, processes, frameworks, compliance obligations, controls monitoring, and operational resilience work.
• Support the implementation of controls that map to compliance frameworks such as NIST-CSF, SOC2, and GDPR.
• Support the management of risk from security issues by understanding security risk, monitoring control effectiveness and reporting.
• Participate and support security and technology debt-based initiatives.
• Supporting the Director of Infosec with advice and guidance on security aspects across process, service, and technology design.
• Contributing to security risk management and resilience oversight.
• Undertake information assurance reviews and support audits and provide management information on reviews.
• Architectural design documents are reviewed, to ensure appropriate controls are in place, and testing and acceptance processes in place to ensure controls requirements are implemented.
• Support end to end engagement on a range of IT projects, as appropriate, for technical security requirements, ensuring security and privacy by design.
• Support the identification, development, and delivery of cyber security improvements over the technical infrastructure.
• Experience with external facing reporting with customers and as needed
• Provide guidance and support the Offshore cyber team as needed
• Reporting and executing ad-hoc project under director of Infosec

Qualifications:

• 5-8 years of experience in IT security, with a focus on vulnerability management and audit experience with SOC2, and NIST
• Strong understanding of enterprise systems like Windows Server and Linux, as well as experience working with cloud providers like Azure or AWS
• Knowledge and understanding of cyber threats, attack vectors, techniques, mitigation, and detection.
• Knowledge of security standards and protocols, such as ISO 27001 and NIST
• Experience with security tools such as vulnerability scanners, intrusion detection systems, and Web Application Firewalls
• Experience and deep commitment to the transformation to a DevSecOps culture focusing on Security and Compliance
• Experience with IEC-62443, ISO 27001/2, and NIST 800-82
• Relevant certifications such as CISSP, CISM, or CISA are a plus
• Expert background in IT/OT Risk Assessment methodology.
• Experience managing the global team based on multiple time zones.
• Experience with SOC2, SOX, GDPR controls, SecOps, will be helpful in this role.
• International travel is required – 25%