This Hess Office of Cybersecurity member focuses on security governance and compliance through awareness, training, and risk management.
This role directly interfaces with internal IT, Managed Security Service Providers (MSSP), operating assets, and business functions, such as Global Supply Chain, Legal, and Human Resources.
ROLES & RESPONSIBILITIES
Mature and implement cybersecurity governance, risk, and compliance strategies and frameworks.
Develop and maintain cybersecurity policies, standards, and procedures.
Define and execute the organization’s cybersecurity training and awareness program.
Maintain and mature the organization’s third-party risk management strategy, procedures, and technologies.
Implement and enhance Governance, Risk, and Compliance strategy, procedures, and technologies.
Manage the cybersecurity risk register and report updates to Enterprise Risk Management, including emerging risks.
Establish and maintain cybersecurity program performance and risk metrics.
Guide and support IT, operating assets, and business functions on security requirements, regulatory compliance, and risk mitigation strategies.
Prepare reports and presentations for executive management, highlighting the organization's cybersecurity posture, compliance status, and risk profile.
Support the testing and validation of security controls, as directed by the CISO.
Serve as an Incident Response Commander, as required.
Work independently with guidance only in complex situations.
Minimum of eight (8) years of Security and Risk Management experience.
Strong knowledge of cybersecurity governance, risk management, and compliance frameworks, specifically NIST Cybersecurity Framework (CSF), NIST 800-53, NIST 800-82, and CIS.
Proficient in developing and implementing cybersecurity policies, procedures, and standards.
Experience implementing Governance, Risk, and Compliance platforms and modules, preferably ServiceNow.
Experience defining and executing cybersecurity third-party risk management program.
Strong analytical and problem-solving skills, with the ability to assess complex cybersecurity risks and develop effective mitigation strategies.
Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization, including experience presenting to Senior Leadership.
Experience in program management with the ability to manage multiple initiatives simultaneously.
Education, Training & Certifications
Bachelor’s degree or equivalent experience in computer science, information systems, cybersecurity, or a related field
One or more of the following (or comparable) certifications - CRISC, CISA, CISM, GCPM, GSTRT, CISSP
The Hess Way of Working refers to competencies considered absolute pre-requisites for success. How you deliver results is as important as what you achieve. Every employee is expected to demonstrate the behaviors within these competencies to be considered an effective performer and, ultimately, earn career growth opportunities.
Effectively build trusted relationships
Effective communication and interpersonal skills
Ability to lead structured meetings with Leadership members
Ability to work independently with minimal supervision or with larger team
Ability to quickly adapt to new work processes, procedures, and/or requirements
Ability to think critically and strategically
Ability to identify inefficiencies and seek creative, workable solutions
Ability to set priorities, determine actionable steps and deliver the expected result
Ability to handle multiple tasks and manage deadlines
Hess is a leading independent energy company engaged in the exploration and production of crude oil and natural gas in areas including the onshore United States, Gulf of Mexico, South America, and Asia Pacific. We are a leader in the production of shale oil and gas and one of the largest operators in the Bakken formation, North Dakota. Hess is also known for its expertise in the development and production of projects in deep water offshore. We are engaged in exploration and appraisal activities offshore Guyana, participating in one of the industry’s largest oil discoveries in the past decade, as well as the Gulf of Mexico, Suriname and Canada.
We strive to meet the highest standards of corporate citizenship by protecting the health and safety of our employees, safeguarding the environment, and creating a long-lasting, positive impact on the communities where we do business. We are always looking for talented professionals who share these values and are passionate about making a difference in the world and in their careers. Hess aims to attract, retain and energize the best people by investing in their professional development and providing them with challenging and rewarding... opportunities for growth.
For more information about Hess Corporation, please visit our website at Hess.com