Assistant Manager, Cybersecurity at a Leading Oil and Gas Company
Oando Plc is one of Africa’s largest integrated energy solutions provider with a proud heritage. It has a primary listing on the Nigeria Stock Exchange and a secondary listing on the Johannesburg Stock Exchange. With shared values of Teamwork, Respect, Integrity, Passion and Professionalism (TRIPP).
We are recruiting to fill the position below:
Job Title: Assistant Manager, Cybersecurity
Location: Port Harcourt, Rivers
Job Type: Full-time
Reports to: Manager, IT Security
Overall Purpose of Job
- The Asst. Mgr. Cybersecurity is responsible for designing, developing, and overseeing the implementation of the organization’s overall security architecture, with a focus on the unique challenges of the Oil and Gas industry.
- This role requires a deep understanding of business goals, security requirements, and industry-specific technologies to create a robust security framework that protects the company’s digital and physical assets, ensures compliance with regulations, and aligns with business objectives.
- The Asst. Mgr. Security Architect will work closely with various IT teams, business units, and leadership to integrate security measures across all systems, networks, and field locations.
Responsible For:
- Enterprise Security Architecture, Risk Management, Security Strategy, Compliance, Identity and Access Management, Threat Modelling, Security Controls Design, Security Policies and Standards, Technology Evaluation, Incident Response Planning, OT/IT Convergence Security, Cloud Security, Vendor Management.
Responsibilities
Architecture and Strategy:
- Develop and maintain a comprehensive enterprise security architecture that aligns with business objectives and addresses current and emerging threats in the Oil and Gas industry
- Create and update security reference architectures, patterns, and blueprints to guide the implementation of security controls across the organization, including cloud environments, ERP systems, SCADA networks, and remote field locations
- Lead the design and implementation of security controls across all IT and OT infrastructure layers
- Develop and maintain a security technology roadmap that supports the organization’s long-term security goals and addresses the convergence of IT and OT systems
- Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, Cybercrime Act, NDPR, NIST, GDPR, etc.).
Risk Management and Incident Response:
- Conduct regular risk assessments and threat modelling to identify vulnerabilities across IT and OT environments, and recommend mitigation strategies
- Lead security incident response planning and oversee major security incidents
- Ensure the effectiveness of disaster recovery and business continuity plans
- Oversee vulnerability management and penetration testing programs.
Security Operations and Implementation:
- Guide the implementation of security tools and technologies
- Oversee the security operations center (SOC) activities
- Ensure proper configuration and maintenance of security systems
- Monitor and analyze security metrics and key performance indicators
- Design and oversee the implementation of security controls for networks, systems, applications, and data, with a focus on protecting critical infrastructure and sensitive operational data.
Compliance and Governance:
- Develop, maintain, and enforce comprehensive security policies, standards, and guidelines that address both IT and OT environments
- Oversee internal and external security audits
- Manage security-related aspects of vendor relationships
- Collaborate with legal and compliance teams to address regulatory requirements specific to the energy sector
Leadership and Collaboration:
- Assist the CISO in coordinating the work priorities of Security Administrators across all aspects of security operations
- Collaborate with IT, OT, and business leaders to ensure security is integrated into all aspects of operations
- Provide regular reports and presentations to executive leadership
- Develop and maintain relationships with key security vendors and partners
- Act as a subject matter expert for all security-related matters.
Education and Awareness:
- Drive security awareness and training programs across the organization
- Stay abreast of emerging security threats, technologies, and best practices specific to the energy sector
- Educate executive leadership on cybersecurity risks and mitigation strategies
- Promote a culture of security awareness within the organization.
Continuous Improvement:
- Regularly assess the effectiveness of security controls across IT and OT environments and recommend improvements
- Implement metrics to measure the effectiveness of security programs
- Lead initiatives to enhance security maturity across the organization
- Integrate emerging technologies and methodologies into the security framework.
Person Specification
- Master’s Degree in Computer Science, Information Security, or related field
- 10+ years of experience in IT security, with at least 5 years in a senior security role
- Deep understanding of security architectures, frameworks, and methodologies
- Strong knowledge of network security, application security, and cloud security
- Experience with ICS/SCADA security in industrial environments
- Strong leadership and project management skills
- Experience with risk management and compliance frameworks
- Excellent communication skills, able to articulate complex security concepts to both technical and non-technical audiences
- Strategic thinker with the ability to align security initiatives with business objectives.
Required Competencies:
- Expert knowledge of cybersecurity principles, practices, and technologies
- Proficiency in security architecture frameworks (e.g. TOGAF)
- Strong understanding of IT governance frameworks (e.g., COBIT, ITIL)
- Expertise in security standards and regulations (e.g., ISO 27001, NDPR, NIST, GDPR)
- Advanced knowledge of network protocols, operating systems, and databases
- Familiarity with cloud security architectures and principles
- Strong project management and organizational skills
- Excellent problem-solving and analytical skills
- Ability to influence and collaborate with stakeholders at all levels
- Certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable
- Knowledge of Oil and Gas industry dynamics and specific security challenges.
Key Performance Indicators:
- Level of compliance with industry security standards and regulations
- Effectiveness of security controls across IT and OT environments
- % reduction in security incidents within the financial year
- Uptime of key security systems (e.g., firewalls, SIEM, IDS/IPS)
- Quality and timeliness of security reports to executive leadership
- Successful completion of penetration tests and security audits with findings addressed within agreed timelines
- % of critical vulnerabilities remediated within defined SLAs
- Maturity level of the organization’s security posture based on industry-standard frameworks
- Number of security awareness training sessions conducted and employee participation rate.
Application Closing Date
Not Specified.
How to Apply
Interested and qualified candidates should:
Click here to apply online
Closing date: Not specified