Cybersecurity Governance and Risk Officer

  • Full-time

Company Description

Vitol is a leader in the energy sector with a presence across the spectrum: from oil through to power, renewables and carbon. From 40 offices worldwide, we seek to add value across the energy supply chain, including deploying our scale and market understanding to help facilitate the energy transition. To date, we have committed over $2 billion of capital to renewable projects, and are identifying and developing low-carbon opportunities around the world.

Our people are our business. Talent is precious to us and we create an environment in which individuals can reach their full potential, unhindered by hierarchy. Our team comprises more than 65 nationalities and we are committed to developing and sustaining a diverse workforce.

Job Description

The Governance and Risk Officer helps ensure that the organization maintains a robust security posture, complies with relevant policies and standards, and fosters a culture of security awareness among employees.

Key Responsibilities:

  1. Governance and Compliance:
    • Ensure compliance with relevant laws, regulations, and standards when required.
    • Develop, enforce, review, and update security policies, standards, and procedures, and monitor compliance with them.
  2. Risk Management:
    • Assist in identifying and assessing risks across the organization.
    • Conduct risk assessments, identify potential security risks, and implement mitigation strategies.
    • Monitor and report on risk exposure and mitigation efforts.
  3. Awareness and Training:
    • Plan and execute security awareness campaigns and conduct phishing simulations to test employee awareness.
    • Define security awareness campaigns for specific profiles within the organisation.
    • Manage the employment lifecycle and performance of personnel in accordance with security requirements (background checks, vetting, transfers, risk designations, succession planning, disciplinary action, and termination), in alignment with Human Resources.
  4. Information Asset Inventories and Control Management:
    • Maintain information asset inventories including categorization, critical assets, risks and security controls in place.
    • Own the cybersecurity Control Catalog and ensure controls are applied.
  5. Security Auditing:
    • Perform internal security audits and respond to external audit demands.
    • Perform third-party audits and maintain an inventory of vetted suppliers and tools.

Qualifications

  • 5+ years of professional experience in cybersecurity, with a focus on auditing, governance, and risk management.
  • Strong understanding of regulatory requirements and industry standards
  • Knowledge of best practices in modern security architectures and incident responses
  • Relevant security certifications such as CRISC, CISA.
  • Familiarity with security control frameworks: CIS Controls, NIST Special Publication 800-53
  • Familiarity with cybersecurity frameworks: NIST CSF, ISO27001

Additional Information

  • Highly responsive, energetic and enthusiastic
  • Analytical thinking and problem-solving skills
  • Ability to work independently and as part of a team
  • Strong ethical standards and integrity
  • Capable of prioritising tasks and meeting critical deadlines
  • Excellent judgment and attention to detail
  • Excellent communication and interpersonal skills
  • Expect duties to extend beyond normal business hours
  • User/business focus