Cybersecurity is a rapidly evolving field, with technologies and threats constantly changing. It has been identified as one of the top five business risks within the Company, with the most critical risks potentially impacting over £500M. The job holder plays a crucial role in preserving the Company’s value and reputation by safeguarding the availability, integrity, and confidentiality of its information. This includes protecting against damage or degradation of Information Systems (both enterprise and industrial), loss or inaccuracy of information, unauthorized disclosure, and unauthorized use of Information Systems. Additionally, the job holder ensures compliance with legislation, regulations, and contractual obligations.

As the affiliate expert on information security, the job holder leads the IT technical aspects of security, oversees the awareness program for end-user information security behaviors, and serves as the Lead Auditor for internal and external information security and IS quality audits.

Join Our Team as a Senior Cybersecurity Engineer!

Are you passionate about cybersecurity and ready to take on a challenging role that makes a real impact? TEPUK is looking for a dynamic Senior Cybersecurity Engineer to safeguard our critical assets and manage our cybersecurity commitments. Ensure that cyber threats are identified, controlled, and mitigated while representing TEPUK in external industry and national information security forums.

Key Responsibilities:

• HSE Policy Commitment: Actively participate in company safety awareness and initiatives, demonstrating a personal commitment to the HSE Policy.
• Expert Security Advice: Provide expert-level security advice to Line Managers, Users, and IDP Department personnel on information security risks, issues, processes, tools, and behaviors. Communicate complex information in a clear, understandable manner for non-technical audiences, offering practical suggestions appropriate to the level of risk and impact.
• Awareness Program Development: Define and develop the annual information security awareness program, considering evolving threats, vulnerabilities, and user knowledge. Target awareness initiatives at specific groups as needed.
• Cybersecurity Awareness Initiatives: Develop and deliver cybersecurity awareness initiatives through various channels, using innovative methods to engage Information Users and drive behavioral change.
• Lead Auditor: Act as Lead Auditor for TEPUK-led cybersecurity audits, defining scope and plans, conducting audits, preparing reports, agreeing on action plans, and monitoring the closure of actions. Commission audits and tests by external specialists or the Internal Audit team, ensuring proper preparation, execution, and follow-up.
• Incident Management: Lead investigations of information security incidents, coordinating departmental activities and liaising with HQ support teams (DSI-EP and CERT) and external organizations as required. Ensure incidents are managed, controlled, and resolved. Conduct root cause analysis and lessons learned to identify actions that can reduce recurrence likelihood or impact. Prepare and submit monthly cybersecurity reports and NIS incident reports within the UK government framework.
• Disaster Recovery Planning: Define and manage the IS Disaster Recovery Plan, ensuring critical IS services are identified with appropriate Recovery Time Objectives and Recovery Point Objectives. Develop fit-for-purpose recovery solutions and processes, manage the overall DRP, and ensure regular testing in line with Company Rule CR EP INF 008.
• Security Architecture Integration: Ensure Group security architecture is embedded in all IS projects and activities by engaging early with project managers and product owners. Conduct information security risk assessments using TotalEnergies standards and industry best practices, identifying risks and developing action plans to address issues.
• Process Monitoring: Monitor recurrent IS processes with an information security impact, raising issues and agreeing on remedial actions.
• Derogation Requests: Create derogation requests for non-compliance issues and develop remediation plans with assistance from asset engineers/ITOPS if applicable.
• IT Officer Role: Review and approve system administration access to IS systems. Regularly review administration accounts to ensure they are deleted when no longer required or their permissions are restricted to what is strictly necessary.
• Timely Action Completion: Ensure information security actions are completed promptly and within SLAs according to priority by issuing monthly reports and conducting regular reviews with IDP Managers.
• Trend Awareness: Maintain awareness of emerging trends in information security and reported threats that could pose significant risks to the affiliate and the Company by attending weekly OGISF telephone conferences and periodic face-to-face meetings. Share intelligence with Branch and Company information security teams.
• Spearhead Cybersecurity Projects: Ensure timely and budget-conscious delivery of cybersecurity projects.

Qualifications:

• Bachelor’s degree in Information Systems, Engineering, or a related field.
• Significant industry experience, preferably at a senior level.
• Chartered status or equivalent in Information Security (e.g., CISSP, GICSP, GRID).

Technical Expertise:

• Proven experience in instrumentation & controls and/or IT disciplines.
• Deep understanding of information security standards, processes, and technologies, with broad technical IT/systems knowledge.
• Extensive knowledge of EP business processes and the information required to support them.
• Strong grasp of offshore operations and project management.

Skills and Abilities:

• Persuasive and convincing, with the ability to advocate for change and the adoption of improved processes and technical measures.
• Capable of explaining and presenting complex technical ideas and systems to both technical and non-technical audiences at all management levels.
• Skilled in developing and leveraging company and external networks.
• Self-motivated to keep skills and knowledge current through training, reading, research, conferences, seminars, and networking.
• Familiar with UK industry regulations related to the oil and gas sector.
• Experienced in managing contractors, vendors, and service providers.
• Excellent written and verbal communication skills.

Offshore Experience Requirement

We are particularly interested in candidates with offshore experience. This unique aspect of the role requires a deep understanding of the specific cybersecurity challenges and requirements in offshore environments.

If you are ready to take on this exciting challenge and make a significant impact on our cybersecurity landscape, apply now to join our team at TEPUK!