
About the job: Cybersecurity Governance and Risk Officer

About our client:

Our client is a global leader in energy and commodities, celebrated for innovation, excellence, and integrity. Operating in over 40 locations, they drive energy trading and investments in crude oil, refined products, natural gas, LNG, power, and renewables.

With a dynamic, entrepreneurial culture, they empower talent to thrive, offering opportunities to work on impactful projects in major energy hubs. 

Committed to growth in renewables and cutting-edge infrastructure, they provide unparalleled support and development, making this the perfect place to grow your career and shape the future of energy.

What We Are Looking For:

We are seeking a dedicated and experienced cybersecurity professional to join our client as a Governance and Risk Officer.

Key Responsibilities:

Governance and Compliance:

  • Ensure adherence to applicable laws, regulations, and standards as needed.
  • Develop, enforce, review, and update security policies, standards, and procedures to ensure compliance.

Risk Management:

  • Assist in identifying and assessing risks across the organization.
  • Conduct risk assessments to identify potential security threats and implement mitigation strategies.
  • Monitor and report on risk exposure and mitigation progress.

Awareness and Training:

  • Design and execute security awareness campaigns, including phishing simulations to assess employee awareness.
  • Tailor security awareness initiatives to specific roles within the organization.
  • Oversee security-related aspects of the employment lifecycle, including background checks, vetting, transfers, risk designations, and termination, in collaboration with Human Resources.

Information Asset Inventories and Control Management:

  • Maintain and manage information asset inventories, including categorization, critical assets, associated risks, and security controls.
  • Take ownership of the cybersecurity Control Catalog and ensure security controls are effectively applied.

Security Auditing:

  • Conduct internal security audits and address external audit requirements.
  • Perform third-party audits and maintain an inventory of vetted suppliers and tools.

Required Skills and Experience:

  • Experience: 5+ years of professional experience in cybersecurity, with a focus on auditing, governance, and risk management.
  • Regulatory Expertise: Strong understanding of regulatory requirements and industry standards.
  • Technical Knowledge: In-depth knowledge of modern security architectures, best practices, and incident response strategies.
  • Certifications: Relevant security certifications, such as CRISC or CISA.
  • Security Control Frameworks: Familiarity with frameworks like CIS Controls and NIST Special Publication 800-53.
  • Cybersecurity Frameworks: Proficiency with cybersecurity standards such as NIST CSF and ISO 27001.

If you are passionate about cybersecurity, proactive in addressing challenges, and driven to create secure and resilient systems, we encourage you to apply!

Your Data

By submitting your resume, you agree to the retention and use of your personal data by TSG for recruitment purposes, including sharing with our clients in the context of your application.