hiring
General Jobs

Assistant Manager, Cybersecurity at a Leading Oil and Gas Company

Oando Plc is one of Africa’s largest integrated energy solutions provider with a proud heritage. It has a primary listing on the Nigeria Stock Exchange and a secondary listing on the Johannesburg Stock Exchange. With shared values of Teamwork, Respect, Integrity, Passion and Professionalism (TRIPP).

We are recruiting to fill the position below:

Job Title: Assistant Manager, Cybersecurity

Location: Port Harcourt, Rivers
Job Type: Full-time
Reports to: Manager, IT Security

Overall Purpose of Job

  • The Asst. Mgr. Cybersecurity is responsible for designing, developing, and overseeing the implementation of the organization’s overall security architecture, with a focus on the unique challenges of the Oil and Gas industry.
  • This role requires a deep understanding of business goals, security requirements, and industry-specific technologies to create a robust security framework that protects the company’s digital and physical assets, ensures compliance with regulations, and aligns with business objectives.
  • The Asst. Mgr. Security Architect will work closely with various IT teams, business units, and leadership to integrate security measures across all systems, networks, and field locations.

Responsible For:

  • Enterprise Security Architecture, Risk Management, Security Strategy, Compliance, Identity and Access Management, Threat Modelling, Security Controls Design, Security Policies and Standards, Technology Evaluation, Incident Response Planning, OT/IT Convergence Security, Cloud Security, Vendor Management.

Responsibilities
Architecture and Strategy:

  • Develop and maintain a comprehensive enterprise security architecture that aligns with business objectives and addresses current and emerging threats in the Oil and Gas industry
  • Create and update security reference architectures, patterns, and blueprints to guide the implementation of security controls across the organization, including cloud environments, ERP systems, SCADA networks, and remote field locations
  • Lead the design and implementation of security controls across all IT and OT infrastructure layers
  • Develop and maintain a security technology roadmap that supports the organization’s long-term security goals and addresses the convergence of IT and OT systems
  • Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, Cybercrime Act, NDPR, NIST, GDPR, etc.).

Risk Management and Incident Response:

  • Conduct regular risk assessments and threat modelling to identify vulnerabilities across IT and OT environments, and recommend mitigation strategies
  • Lead security incident response planning and oversee major security incidents
  • Ensure the effectiveness of disaster recovery and business continuity plans
  • Oversee vulnerability management and penetration testing programs.

Security Operations and Implementation:

  • Guide the implementation of security tools and technologies
  • Oversee the security operations center (SOC) activities
  • Ensure proper configuration and maintenance of security systems
  • Monitor and analyze security metrics and key performance indicators
  • Design and oversee the implementation of security controls for networks, systems, applications, and data, with a focus on protecting critical infrastructure and sensitive operational data.

Compliance and Governance:

  • Develop, maintain, and enforce comprehensive security policies, standards, and guidelines that address both IT and OT environments
  • Oversee internal and external security audits
  • Manage security-related aspects of vendor relationships
  • Collaborate with legal and compliance teams to address regulatory requirements specific to the energy sector

Leadership and Collaboration:

  • Assist the CISO in coordinating the work priorities of Security Administrators across all aspects of security operations
  • Collaborate with IT, OT, and business leaders to ensure security is integrated into all aspects of operations
  • Provide regular reports and presentations to executive leadership
  • Develop and maintain relationships with key security vendors and partners
  • Act as a subject matter expert for all security-related matters.

Education and Awareness:

  • Drive security awareness and training programs across the organization
  • Stay abreast of emerging security threats, technologies, and best practices specific to the energy sector
  • Educate executive leadership on cybersecurity risks and mitigation strategies
  • Promote a culture of security awareness within the organization.

Continuous Improvement:

  • Regularly assess the effectiveness of security controls across IT and OT environments and recommend improvements
  • Implement metrics to measure the effectiveness of security programs
  • Lead initiatives to enhance security maturity across the organization
  • Integrate emerging technologies and methodologies into the security framework.

Person Specification

  • Master’s Degree in Computer Science, Information Security, or related field
  • 10+ years of experience in IT security, with at least 5 years in a senior security role
  • Deep understanding of security architectures, frameworks, and methodologies
  • Strong knowledge of network security, application security, and cloud security
  • Experience with ICS/SCADA security in industrial environments
  • Strong leadership and project management skills
  • Experience with risk management and compliance frameworks
  • Excellent communication skills, able to articulate complex security concepts to both technical and non-technical audiences
  • Strategic thinker with the ability to align security initiatives with business objectives.

Required Competencies:

  • Expert knowledge of cybersecurity principles, practices, and technologies
  • Proficiency in security architecture frameworks (e.g. TOGAF)
  • Strong understanding of IT governance frameworks (e.g., COBIT, ITIL)
  • Expertise in security standards and regulations (e.g., ISO 27001, NDPR, NIST, GDPR)
  • Advanced knowledge of network protocols, operating systems, and databases
  • Familiarity with cloud security architectures and principles
  • Strong project management and organizational skills
  • Excellent problem-solving and analytical skills
  • Ability to influence and collaborate with stakeholders at all levels
  • Certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable
  • Knowledge of Oil and Gas industry dynamics and specific security challenges.

Key Performance Indicators:

  • Level of compliance with industry security standards and regulations
  • Effectiveness of security controls across IT and OT environments
  • % reduction in security incidents within the financial year
  • Uptime of key security systems (e.g., firewalls, SIEM, IDS/IPS)
  • Quality and timeliness of security reports to executive leadership
  • Successful completion of penetration tests and security audits with findings addressed within agreed timelines
  • % of critical vulnerabilities remediated within defined SLAs
  • Maturity level of the organization’s security posture based on industry-standard frameworks
  • Number of security awareness training sessions conducted and employee participation rate.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online

Closing date: Not specified