Cybersecurity Governance and Risk Officer

About our client:

Our client is a global leader in energy and commodities, celebrated for innovation, excellence, and integrity. Operating in over 40 locations, they drive energy trading and investments in crude oil, refined products, natural gas, LNG, power, and renewables.

With a dynamic, entrepreneurial culture, they empower talent to thrive, offering opportunities to work on impactful projects in major energy hubs. 

Committed to growth in renewables and cutting-edge infrastructure, they provide unparalleled support and development, making this the perfect place to grow your career and shape the future of energy.

Who We Are Looking For:

We are seeking an accomplished and detail-oriented cybersecurity professional to join our client\u2019s team as a Governance and Risk Officer.

Key Responsibilities:

Governance and Compliance:

• Ensure compliance with relevant laws, regulations, and industry standards.
• Develop, implement, review, and update security policies, standards, and procedures to maintain alignment with compliance requirements.

Risk Management:

• Support the identification and evaluation of risks throughout the organization.
• Perform risk assessments to pinpoint potential security threats and devise mitigation strategies.
• Monitor risk exposure and report on progress in addressing identified risks.

Awareness and Training:

• Create and deliver security awareness initiatives, including phishing simulations, to evaluate and enhance employee understanding.
• Customize security awareness programs to suit specific roles within the organization.
• Collaborate with HR to oversee security considerations during the employment lifecycle, including background checks, risk designations, and terminations.

Information Asset Management and Control Implementation:

• Manage and maintain inventories of information assets, including their categorization, criticality, associated risks, and applicable controls.
• Oversee the cybersecurity Control Catalog, ensuring controls are applied effectively and consistently.

Security Auditing:

• Conduct internal security audits and respond to external audit requirements.
• Perform audits of third-party vendors and maintain a comprehensive inventory of vetted suppliers and tools.

Required Skills and Experience:

• Professional Experience: At least 5 years in cybersecurity roles, focusing on governance, risk management, and auditing.
• Regulatory Knowledge: Deep understanding of regulatory requirements and key industry standards.
• Technical Proficiency: Expertise in modern security architectures, best practices, and incident response methodologies.
• Certifications: Relevant credentials such as CRISC or CISA.
• Security Frameworks: Familiarity with frameworks such as CIS Controls and NIST SP 800-53.
• Cybersecurity Standards: Proficient in standards like NIST CSF and ISO 27001.

If you are passionate about cybersecurity, proactive in addressing challenges, and driven to create secure and resilient systems, we encourage you to apply!

Your Data

By submitting your resume, you agree to the retention and use of your personal data by TSG for recruitment purposes, including sharing with our clients in the context of your application.