Murphy Oil
Sr IT Cybersecurity Specialist
Murphy Oil, Houston, Texas, United States, 77246
At Murphy Oil Corporation, we believe the rich experiences and backgrounds of our employees strengthen our Company, create a productive workforce, and drive our success. We encourage you to apply for the positions for which you meet the qualifications.
Job Summary
Murphy Oil Corporation is looking for an Sr IT Security Specialist to support our growing Global IT Security team. The ideal candidate is an experienced and dynamic individual who will serve as the lead for our Cyber GRC and Security Engineering and Architecture functions. This critical role involves managing day-to-day IT Security operations, overseeing Security Incident Response, managing the 3rd party risk management program, coordinating with OT security team to address risks, and ensuring needs of the business and operations are addressed in a timely manner.
The right candidate is an enthusiastic leader who is passionate about learning and exploring new areas and keeping up with breaking cyber security incidents/ events/ vulnerabilities/ best practices. The candidate excels in crafting innovative solutions and collaborating adeptly with stakeholders across business, internal IT, Operations, and third-party service providers.
The IT Security Specialist will work in our Houston Corporate office and may work two (2) days a week remote.
Responsibilities
Contribute to IT security vision, roadmap, and execution planOversee the day-to-day operational support of the IT Security team including leading the weekly status meetings, handling, and prioritizing help desk tickets, managing projects/ deadlines/ resources, and overseeing Incident ResponseDefine/update /oversee IT Security policies/procedures/standards and drive enforcement.Own and update the Murphy Cybersecurity framework and perform annual internal security assessments to determine posture. Also, develop a remediation plan and ensure completionSupport the Head of IT Security in establishing overall enterprise information security architecture (EISA) with the organization's overall security strategySupport the Head of IT Security in planning the IT Security budget and staffing needsSupport the Head of IT Security in advising senior management (e.g., Chief Information Officer, Executives, Board Members) on risk levels and security postureOversee the information security training and awareness program (including Phishing campaigns)Establish scoring and grading metrics to measure the maturity and effectiveness of Cybersecurity programPrepare reports to document the investigation following legal standards and requirements.Coordinate with business users, systems architects, analysts, and developers, as needed, to provide oversight in the development of design solutionsProvide input on security requirements to be included in statements of work and other appropriate procurement documentsEstablish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals)Keep current with latest cyber security developments, threat intel, attack methods, emerging tools/technologies/strategies, and disseminate across ITManage the life cycle of security-related productsActively identify, recommend, and implement cybersecurity and risk management technology solutions that ensure business needs are met while enhancing the organization's security posture, and maturing the cybersecurity functionLead special projects as assignedLicenses/Certifications
CISSP certification
Qualifications/Requirements
Bachelor's degree in cyber security, Computer Science, or a related Information Technology fieldMinimum 7 years' experience in cyber security with 3 years' experience serving in a Cybersecurity supervisory roleBig 4 experienceExperience delivering cybersecurity and risk management information and analysis to leadership across the organizationFamiliar with security best practice standards such as NIST 800-53, ISO 27001, COBIT, OWASP, etc.Knowledge of cloud security principles, particularly in popular cloud platforms (e.g., AWS, Azure, GCP)Experience and working knowledge of Microsoft E5 Security suite (MDE, Intune, Purview,Strong MS Active Directory administration skills and experienceAble to manage multiple projects and initiatives concurrentlyEffective communication skills both written and verbalStrong project management experienceDetail oriented, analytical, and inquisitiveAbility to work independently and with othersAbility to knowledge share and train othersHighly organized with strong time-management skillsAbility to impact and effect change without being confrontationalMaintain user confidence and protect operations by keeping information confidentialDesired/Preferred Qualifications
CISM certificationMinimum 2 years' experience working in a Security Operation Center (SOC)Proven experience enhancing the maturity of an enterprise-wide cybersecurity program.Strong experience building/managing 3rd party risk management program.In-depth knowledge and hands-on experience with security standards and best practices applicable to DevSecOps architecture, practices and tools.Experience integrating security into CI/CD pipelines (e.g., Jenkins, GitLab CI, Travis CI) to automate security testing.Familiarity with security orchestration and automation tools such as Ansible, Terraform, or equivalent.Proficiency in at least one programming language (e.g., Python, Java, Go) and scripting languages for security automation.Experience deploying data protection policies/standards (e.g., data classification policy) and controls (e.g., DLP) across the enterprise.Experience in working within Oil/Gas industry.Knowledge and experience of OT security risks and controlsPURPOSE
We believe in providing energy that empowers people.
MISSION
We challenge the norm, tap into our strong legacy and use our foresight and financial discipline to deliver inspired energy solutions.
VISION
We see a future where we are an industry leader who is positively impacting lives for the next 100 years and beyond.
VALUES & BEHAVIORS
Do Right Always
Respect people, safety, environment and the lawFollow through on commitmentsMake it betterThink Beyond Possible
Offer solutionStep up and leadDon't settle for "good enough"Embrace new opportunitiesStay With It
Show resilienceLean into challengesSupport each otherConsider the implications
Murphy Oil Corporation participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program. Please read the E-Verify Notice-English / E-Verify Notice-Spanish and Right to Work Notice before proceeding with your job application.
For additional information, you may also visit the USCIS website.
Murphy Oil Corporation is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, genetic information, age, national origin, sexual orientation, disability, protected veteran status or any other category protected by federal, state or local law.EEO is the Law PosterEEO is the Law Supplement
Job Summary
Murphy Oil Corporation is looking for an Sr IT Security Specialist to support our growing Global IT Security team. The ideal candidate is an experienced and dynamic individual who will serve as the lead for our Cyber GRC and Security Engineering and Architecture functions. This critical role involves managing day-to-day IT Security operations, overseeing Security Incident Response, managing the 3rd party risk management program, coordinating with OT security team to address risks, and ensuring needs of the business and operations are addressed in a timely manner.
The right candidate is an enthusiastic leader who is passionate about learning and exploring new areas and keeping up with breaking cyber security incidents/ events/ vulnerabilities/ best practices. The candidate excels in crafting innovative solutions and collaborating adeptly with stakeholders across business, internal IT, Operations, and third-party service providers.
The IT Security Specialist will work in our Houston Corporate office and may work two (2) days a week remote.
Responsibilities
Contribute to IT security vision, roadmap, and execution planOversee the day-to-day operational support of the IT Security team including leading the weekly status meetings, handling, and prioritizing help desk tickets, managing projects/ deadlines/ resources, and overseeing Incident ResponseDefine/update /oversee IT Security policies/procedures/standards and drive enforcement.Own and update the Murphy Cybersecurity framework and perform annual internal security assessments to determine posture. Also, develop a remediation plan and ensure completionSupport the Head of IT Security in establishing overall enterprise information security architecture (EISA) with the organization's overall security strategySupport the Head of IT Security in planning the IT Security budget and staffing needsSupport the Head of IT Security in advising senior management (e.g., Chief Information Officer, Executives, Board Members) on risk levels and security postureOversee the information security training and awareness program (including Phishing campaigns)Establish scoring and grading metrics to measure the maturity and effectiveness of Cybersecurity programPrepare reports to document the investigation following legal standards and requirements.Coordinate with business users, systems architects, analysts, and developers, as needed, to provide oversight in the development of design solutionsProvide input on security requirements to be included in statements of work and other appropriate procurement documentsEstablish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals)Keep current with latest cyber security developments, threat intel, attack methods, emerging tools/technologies/strategies, and disseminate across ITManage the life cycle of security-related productsActively identify, recommend, and implement cybersecurity and risk management technology solutions that ensure business needs are met while enhancing the organization's security posture, and maturing the cybersecurity functionLead special projects as assignedLicenses/Certifications
CISSP certification
Qualifications/Requirements
Bachelor's degree in cyber security, Computer Science, or a related Information Technology fieldMinimum 7 years' experience in cyber security with 3 years' experience serving in a Cybersecurity supervisory roleBig 4 experienceExperience delivering cybersecurity and risk management information and analysis to leadership across the organizationFamiliar with security best practice standards such as NIST 800-53, ISO 27001, COBIT, OWASP, etc.Knowledge of cloud security principles, particularly in popular cloud platforms (e.g., AWS, Azure, GCP)Experience and working knowledge of Microsoft E5 Security suite (MDE, Intune, Purview,Strong MS Active Directory administration skills and experienceAble to manage multiple projects and initiatives concurrentlyEffective communication skills both written and verbalStrong project management experienceDetail oriented, analytical, and inquisitiveAbility to work independently and with othersAbility to knowledge share and train othersHighly organized with strong time-management skillsAbility to impact and effect change without being confrontationalMaintain user confidence and protect operations by keeping information confidentialDesired/Preferred Qualifications
CISM certificationMinimum 2 years' experience working in a Security Operation Center (SOC)Proven experience enhancing the maturity of an enterprise-wide cybersecurity program.Strong experience building/managing 3rd party risk management program.In-depth knowledge and hands-on experience with security standards and best practices applicable to DevSecOps architecture, practices and tools.Experience integrating security into CI/CD pipelines (e.g., Jenkins, GitLab CI, Travis CI) to automate security testing.Familiarity with security orchestration and automation tools such as Ansible, Terraform, or equivalent.Proficiency in at least one programming language (e.g., Python, Java, Go) and scripting languages for security automation.Experience deploying data protection policies/standards (e.g., data classification policy) and controls (e.g., DLP) across the enterprise.Experience in working within Oil/Gas industry.Knowledge and experience of OT security risks and controlsPURPOSE
We believe in providing energy that empowers people.
MISSION
We challenge the norm, tap into our strong legacy and use our foresight and financial discipline to deliver inspired energy solutions.
VISION
We see a future where we are an industry leader who is positively impacting lives for the next 100 years and beyond.
VALUES & BEHAVIORS
Do Right Always
Respect people, safety, environment and the lawFollow through on commitmentsMake it betterThink Beyond Possible
Offer solutionStep up and leadDon't settle for "good enough"Embrace new opportunitiesStay With It
Show resilienceLean into challengesSupport each otherConsider the implications
Murphy Oil Corporation participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program. Please read the E-Verify Notice-English / E-Verify Notice-Spanish and Right to Work Notice before proceeding with your job application.
For additional information, you may also visit the USCIS website.
Murphy Oil Corporation is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, genetic information, age, national origin, sexual orientation, disability, protected veteran status or any other category protected by federal, state or local law.EEO is the Law PosterEEO is the Law Supplement