At Murphy Oil Corporation, we believe the rich experiences and backgrounds of our employees strengthen our Company, create a productive workforce, and drive our success. We encourage you to apply for the positions for which you meet the qualifications.
Job Summary
Murphy Oil Corporation is looking for an Sr IT Security Specialist to support our growing Global IT Security team. The ideal candidate is an experienced and dynamic individual who will serve as the lead for our Cyber GRC and Security Engineering and Architecture functions. This critical role involves managing day-to-day IT Security operations, overseeing Security Incident Response, managing the 3rd party risk management program, coordinating with OT security team to address risks, and ensuring needs of the business and operations are addressed in a timely manner.
The right candidate is an enthusiastic leader who is passionate about learning and exploring new areas and keeping up with breaking cyber security incidents/ events/ vulnerabilities/ best practices. The candidate excels in crafting innovative solutions and collaborating adeptly with stakeholders across business, internal IT, Operations, and third-party service providers.
The IT Security Specialist will work in our Houston Corporate office and may work two (2) days a week remote.
Responsibilities
Contribute to IT security vision, roadmap, and execution plan
Oversee the day-to-day operational support of the IT Security team including leading the weekly status meetings, handling, and prioritizing help desk tickets, managing projects/ deadlines/ resources, and overseeing Incident Response
Define/update /oversee IT Security policies/procedures/standards and drive enforcement.
Own and update the Murphy Cybersecurity framework and perform annual internal security assessments to determine posture. Also, develop a remediation plan and ensure completion
Support the Head of IT Security in establishing overall enterprise information security architecture (EISA) with the organization's overall security strategy
Support the Head of IT Security in planning the IT Security budget and staffing needs
Support the Head of IT Security in advising senior management (e.g., Chief Information Officer, Executives, Board Members) on risk levels and security posture
Oversee the information security training and awareness program (including Phishing campaigns)
Establish scoring and grading metrics to measure the maturity and effectiveness of Cybersecurity program
Prepare reports to document the investigation following legal standards and requirements.
Coordinate with business users, systems architects, analysts, and developers, as needed, to provide oversight in the development of design solutions
Provide input on security requirements to be included in statements of work and other appropriate procurement documents
Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals)
Keep current with latest cyber security developments, threat intel, attack methods, emerging tools/technologies/strategies, and disseminate across IT
Manage the life cycle of security-related products
Actively identify, recommend, and implement cybersecurity and risk management technology solutions that ensure business needs are met while enhancing the organization's security posture, and maturing the cybersecurity function
Lead special projects as assigned
Licenses/Certifications
CISSP certification
Qualifications/Requirements
Bachelor's degree in cyber security, Computer Science, or a related Information Technology field
Minimum 7 years' experience in cyber security with 3 years' experience serving in a Cybersecurity supervisory role
Big 4 experience
Experience delivering cybersecurity and risk management information and analysis to leadership across the organization
Familiar with security best practice standards such as NIST 800-53, ISO 27001, COBIT, OWASP, etc.
Knowledge of cloud security principles, particularly in popular cloud platforms (e.g., AWS, Azure, GCP)
Experience and working knowledge of Microsoft E5 Security suite (MDE, Intune, Purview,
Strong MS Active Directory administration skills and experience
Able to manage multiple projects and initiatives concurrently
Effective communication skills both written and verbal
Strong project management experience
Detail oriented, analytical, and inquisitive
Ability to work independently and with others
Ability to knowledge share and train others
Highly organized with strong time-management skills
Ability to impact and effect change without being confrontational
Maintain user confidence and protect operations by keeping information confidential
Desired/Preferred Qualifications
CISM certification
Minimum 2 years' experience working in a Security Operation Center (SOC)
Proven experience enhancing the maturity of an enterprise-wide cybersecurity program.
Strong experience building/managing 3rd party risk management program.
In-depth knowledge and hands-on experience with security standards and best practices applicable to DevSecOps architecture, practices and tools.
Experience integrating security into CI/CD pipelines (e.g., Jenkins, GitLab CI, Travis CI) to automate security testing.
Familiarity with security orchestration and automation tools such as Ansible, Terraform, or equivalent.
Proficiency in at least one programming language (e.g., Python, Java, Go) and scripting languages for security automation.
Experience deploying data protection policies/standards (e.g., data classification policy) and controls (e.g., DLP) across the enterprise.
Experience in working within Oil/Gas industry.
Knowledge and experience of OT security risks and controls
PURPOSE
We believe in providing energy that empowers people.
MISSION
We challenge the norm, tap into our strong legacy and use our foresight and financial discipline to deliver inspired energy solutions.
VISION
We see a future where we are an industry leader who is positively impacting lives for the next 100 years and beyond.
Murphy Oil Corporation participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program. Please read the E-Verify Notice-English / E-Verify Notice-Spanish and Right to Work Notice before proceeding with your job application.
For additional information, you may also visit the USCIS website.
Murphy Oil Corporation is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, genetic information, age, national origin, sexual orientation, disability, protected veteran status or any other category protected by federal, state or local law. EEO is the Law Poster EEO is the Law Supplement
