Director, Chief Information Security Officer

Company Profile

Oceaneering is a global provider of engineered services and products, primarily to the offshore energy industry. We develop products and services for use throughout the lifecycle of an offshore oilfield, from drilling to decommissioning. We operate the world's premier fleet of work class ROVs. Additionally, we are a leader in offshore oilfield maintenance services, umbilicals, subsea hardware, and tooling. We also use applied technology expertise to serve the defense, entertainment, material handling, aerospace, science, and renewable energy industries.

Position Summary

The Chief Information Security Officer (CISO) leads a team responsible for identifying, developing, implementing, and maintaining processes across the organization to reduce information and technology risks. The CISO is a strategic business executive, as well as security professional, who goes beyond tactical and operational security oversight. He is also a strategist and an evangelist who can communicate security concepts in business-relevant terms to C-Suite members and Boards. Cybersecurity is a key part of Oceaneering's enterprise risk framework and is treated as an important enterprise risk. The CISO is responsible for implementing our cybersecurity roadmap and continuously works with business and IT to refresh the roadmap as technology and business objectives change. The CISO takes a practical approach to designing, implementing and maintaining adequate technology and resources to prevent, detect, and respond to incidents. The CISO establishes appropriate standards and controls, manages security technologies, and directs the implementation of cybersecurity policies and procedures. Some of the key responsibilities of the role include.

Duties And Responsibilities

LEADERSHIP AND STRATEGY : Establish and implement a strategic, comprehensive enterprise information security and IT risk management program. Create and articulate compelling business cases for cybersecurity initiatives and link them to Oceaneering's strategic business objectives. Develop and manage a team to implement the strategy for enterprise security.

BUSINESS PARTNERSHIP : Collaborate with IT and business units to align security initiatives with organizational objectives, regulatory requirements, and industry best practices. Work with Business Unit (BU) leaders to appoint BU Security Champions to oversee security requirement implementations within business units and integrate security into day-to-day operations. Treat BU security champions as part of the IT security team and ensure that they are trained and informed of cybersecurity initiatives and how they may affect their business unit.

COMMUNICATION : Work directly with business units to facilitate risk assessment and risk management processes. Work with senior business leaders to create oversight committees for large cybersecurity projects. Provide regular reporting on the status of the information security program to the executive leadership team and the board of directors. Develop a cybersecurity awareness program that communicates the value of cybersecurity in supporting business objectives, protecting assets, and enabling innovation at Oceaneering.

POLICY DEVELOPMENT : Identify, develop, implement, and maintain information security policies, standards, procedures, and guidelines. Requires strategic planning, policy development, risk assessment, and compliance management to help ensure Oceaneering meets regulatory requirements and effectively manages risks.

ARCHITECTURE & ENGINEERING : Lead the design, implementation, and continuous improvement of security architectures, ensuring that all systems, networks, and applications are resilient against evolving threats.

DETECTION AND RESPONSE : Oversee the development of a robust threat intelligence program to proactively identify, assess, and mitigate cyber threats. This includes monitoring, threat hunting, and incident response to ensure that potential threats are identified and addressed promptly.

COMPLIANCE : Align security capabilities to an industry leading framework such as NIST, ISO27001, and others, and clearly define roles and responsibilities of the Cybersecurity team. Ensure compliance with changing laws and applicable regulations, such as CMMC, DIBCAC, CUI, and ITAR for our government business. Monitor information security trends and keep senior management informed about security related issues and activities.

TRAINING AND AWARENESS : Oversee the development and implementation of security awareness training programs. Train employees on security best practices and ensure they are aware of their responsibilities.

TECHNICAL EXPERTISE : Identify potential threats and vulnerabilities to the organization's information systems through ongoing monitoring and assessment. Implement and maintain security measures, such as firewalls, antivirus software, and intrusion detection systems. Ensure that regular testing is conducted and includes pen testing, vulnerability assessments, and red teaming.

OPERATIONAL TECHNOLOGY (OT) CONTROLS : Partner with business units to implement OT controls, ensuring the security of operational technology systems and processes. Design and establish enterprise-wide risk-based OT program, and partner to source the work associated with the build, implement, and support of the OT Security program.

SECURE SOFTWARE DEVELOPMENT LIFECYCLE : Collaborate with various development teams within Oceaneering to implement a secure software development lifecycle process, ensuring that security is integrated into every stage of software development.

Qualifications

• EDUCATION : Bachelor's degree in computer science, Information Technology, or a related field. A master's degree is preferred.
• EXPERIENCE : At least 15 years of experience in information security, including 10 years in a leadership role. Oil & Gas Industry or Industrial Manufacturing experience is a plus.
• CERTIFICATIONS : Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
• SKILLS :

Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.

Additional Information

This position is Hybrid - Remote and will require commuting to a designated office. Hybrid work schedules are determined by the hiring manager based on business need.

PAY, BENEFITS AND WORK SCHEDULE :

We offer a comprehensive and competitive benefits package. Employee benefits vary by role, however, may include Health and Wellness, Mental Health, Retirement Savings, Life and Disability, Paid Maternity and Parental Leave, Paid Time Off, Tuition Reimbursement, and an Employee Assistance Program.

Equal Opportunity Employer

All qualified candidates will receive consideration for all positions without regard to race, color, age, religion, sex (including pregnancy), sexual orientation, gender identity,national origin, veteran status,disability, genetic information, or other non-merit factors.

How To Apply

Regular full-time employees who apply will be considered along with external candidates. Employees with less than six months with their current position are not eligible to apply for job postings. Please discuss your interest in the position with your current manager / supervisor prior to submitting your completed application. It is highly recommended to apply through the PeopleSoft or Oceanet portals.