IT Security Analyst
Apply NowCompany: Chord Energy
Location: Houston, TX 77084
Description:
Position Summary
The IT Security Analyst is responsible for the administration and design of Chord Energy's IT security systems and will lead the efforts to continuously improve the Company's IT security program. This position maintains a high level of security for all aspects of the Company's IT environment, participating in the design of security solutions to protect Company assets. This role will lead the installation, administration and maintenance of company IT security solutions and will partner with IT leadership and outside expertise, with the development of security vulnerability mitigation strategies and security compromise remediation and recovery playbooks. This position is located in downtown, Houston. Hybrid work schedule is an option for remote work on Mondays and Fridays. Level and salary commensurate with experience.
Essential Job Functions
Assess and coordinate IT-related security risks to the Company
Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization
Identify and address potential, successful, and unsuccessful intrusion attempts and compromises
Perform thorough reviews and analyses of relevant security events
Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
Recommend security tools and associated budget requirements for the organization
Perform vulnerability assessments and report on IT security risk levels to management
Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments
Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud
Act as primary contact for third-party security operations center partners for all functions
Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.)
Participate in regular table-top exercises focused on remediation and recovery of IT systems/data compromise
Coordinate security incident management and remediation efforts
Facilitate Company security training program and any remedial security process education for Company personnel
Ensure IT personnel can assist with security program implementation and management of security solutions and tasks
Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security
Act as a point of contact with the Company's Enterprise Risk Management team
Respond to IT security questions from both Internal and External Audit teams
Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current
Promote awareness of applicable regulatory standards, risks, and industry best practices
Lead projects, including solution validation, project definition, and deliverable implementation
Adhere to and enforce Company security policies
Assist with department technology planning
Ability to work in a fast-paced and fluid environment; flexible with the demands of a growing company
Ability to meet deadlines
Ability to travel to field offices
On call rotation
This job description is not intended to be an all-inclusive list of duties and responsibilities of the position. Incumbents will be required to follow any other job-related instructions and duties outside of their normal responsibilities as assigned by their supervisor.
Minimum Qualifications
Bachelor's Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience)
3 years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.)
3 years of experience in administering IT security controls in an organization
Experience in documenting and tracking issues within Jira or other IT ticketing systems
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks
Experience with IPS/IDS, SIEM, IAM and other IT security technologies
Proficient communication skills at all levels
Proficient time management skills
Ability to learn new technical concepts quickly and readily
Ability to work in a team environment, as well as on an individual, unsupervised basis
Physical Requirements and Working Conditions: Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer, stamina to maintain attention to detail despite interruptions, strength to lift and carry equipment weighing up to 50 pounds, Ability to stand for long periods of time and walk office floors; vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Preferred Qualifications
Experience working within an upstream Oil and Gas organization
Experience with IOT and SCADA
Knowledge of Sarbanes-Oxley guidelines
Project management skills
Windows workstation and server administration
Experience performing security reviews and risk assessments
EEO Statement:
Chord Energy does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.
The IT Security Analyst is responsible for the administration and design of Chord Energy's IT security systems and will lead the efforts to continuously improve the Company's IT security program. This position maintains a high level of security for all aspects of the Company's IT environment, participating in the design of security solutions to protect Company assets. This role will lead the installation, administration and maintenance of company IT security solutions and will partner with IT leadership and outside expertise, with the development of security vulnerability mitigation strategies and security compromise remediation and recovery playbooks. This position is located in downtown, Houston. Hybrid work schedule is an option for remote work on Mondays and Fridays. Level and salary commensurate with experience.
Essential Job Functions
Assess and coordinate IT-related security risks to the Company
Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization
Identify and address potential, successful, and unsuccessful intrusion attempts and compromises
Perform thorough reviews and analyses of relevant security events
Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
Recommend security tools and associated budget requirements for the organization
Perform vulnerability assessments and report on IT security risk levels to management
Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments
Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud
Act as primary contact for third-party security operations center partners for all functions
Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.)
Participate in regular table-top exercises focused on remediation and recovery of IT systems/data compromise
Coordinate security incident management and remediation efforts
Facilitate Company security training program and any remedial security process education for Company personnel
Ensure IT personnel can assist with security program implementation and management of security solutions and tasks
Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security
Act as a point of contact with the Company's Enterprise Risk Management team
Respond to IT security questions from both Internal and External Audit teams
Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current
Promote awareness of applicable regulatory standards, risks, and industry best practices
Lead projects, including solution validation, project definition, and deliverable implementation
Adhere to and enforce Company security policies
Assist with department technology planning
Ability to work in a fast-paced and fluid environment; flexible with the demands of a growing company
Ability to meet deadlines
Ability to travel to field offices
On call rotation
This job description is not intended to be an all-inclusive list of duties and responsibilities of the position. Incumbents will be required to follow any other job-related instructions and duties outside of their normal responsibilities as assigned by their supervisor.
Minimum Qualifications
Bachelor's Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience)
3 years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.)
3 years of experience in administering IT security controls in an organization
Experience in documenting and tracking issues within Jira or other IT ticketing systems
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks
Experience with IPS/IDS, SIEM, IAM and other IT security technologies
Proficient communication skills at all levels
Proficient time management skills
Ability to learn new technical concepts quickly and readily
Ability to work in a team environment, as well as on an individual, unsupervised basis
Physical Requirements and Working Conditions: Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer, stamina to maintain attention to detail despite interruptions, strength to lift and carry equipment weighing up to 50 pounds, Ability to stand for long periods of time and walk office floors; vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Preferred Qualifications
Experience working within an upstream Oil and Gas organization
Experience with IOT and SCADA
Knowledge of Sarbanes-Oxley guidelines
Project management skills
Windows workstation and server administration
Experience performing security reviews and risk assessments
EEO Statement:
Chord Energy does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.