333 Clay Street
Houston, Texas 77002-4173
Toll Free: 800-303-6545
The Senior IT Risk & Compliance Analyst reports to the Network & Infrastructure Director and while they have many responsibilities, the primary focus is to validate that the security controls documented in the Freeport LNG CyberSecurity Policy are correctly configured and protecting critical Freeport LNG assets from attack. If a deficiency exists you will be expected to help facilitate remediation.
Daily activities will center around performing hands-on security control validation assessments and working with the appropriate team(s) to remediate any detected risks or mis-configurations in an expedited manner. Trust but verify is your mission.
You will also manage the corporate security awareness/training and 3rd party risk assessment programs in conjunction with IT Security.
You'll work with state-of-the-art compliance reporting, security awareness, and penetration testing technologies, using commercial and open source solutions. You will also receive significant training - both daily hands on activities and through SANS or other leading ICS and IT security and compliance training providers.
Essential Functions & Duties/Responsibilities
•Validate Critical Security Controls - Actively validate current security controls including critical patches, security settings and rules are configured per the CyberSecurity Policy. This includes both reporting and hands-on validation. 30% of the team member’s time.
•Validate Critical Security Event Logging - Actively validate all current security and detective controls are logging accurate information to the appropriate Freeport LNG centralized logging solution. This also includes both reporting and hands-on validation. 30% of the team member’s time.
•Security Policy Management – Manage all IT security and compliance policies with the direction of the IT leadership team. Ensure the Freeport LNG CyberSecurity and related policies are updated and communicated to the organization as new threats emerge or new security controls are deployed. Ensure that all new employees are familiar with security policies and procedures. 25% of the team member’s time.
•ecurity Awareness & Training – Promote and manage the Freeport LNG security awareness and training program. Plan and schedule monthly ‘Learn and Lunch’ security events, quarterly security training and monthly targeted phishing campaign tests. 10% of the team member’s time.
•IT Risk Assessments and IT Audits: - Lead external IT audit and 3rd Party Risk Assessment requests. Participate in moderate to highly complex projects to deploy new solutions ensuring security controls and risk management are incorporated early in the design process. 5% of the team member’s time.
•Demonstrated desire to learn / expand areas of expertise
•Possesses a strong sense of urgency
•Possesses strong analytical and problem solving skills
•Possesses strong leadership skills and the ability to work effectively in a team environment
•Possesses excellent interpersonal skills, have the ability to coordinate and build effective relationships
•Possesses ability to prioritize workload – this role will involve significant multitasking!
•Understanding of Natural Gas/Liquefied Natural Gas/Natural Gas Liquids production, processing, distribution, business and marketing is a plus
•Plant-site experience is a plus
•Experience scripting with Powershell, shell and python is a plus