POSITION SUMMARY

This Hess Office of Cybersecurity member focuses on security governance and compliance through awareness, training, and risk management.

This role directly interfaces with internal IT, Managed Security Service Providers (MSSP), operating assets, and business functions, such as Global Supply Chain, Legal, and Human Resources.

ROLES & RESPONSIBILITIES

• Mature and implement cybersecurity governance, risk, and compliance strategies and frameworks.
• Develop and maintain cybersecurity policies, standards, and procedures.
• Define and execute the organization’s cybersecurity training and awareness program.
• Maintain and mature the organization’s third-party risk management strategy, procedures, and technologies.
• Implement and enhance Governance, Risk, and Compliance strategy, procedures, and technologies.
• Manage the cybersecurity risk register and report updates to Enterprise Risk Management, including emerging risks.
• Establish and maintain cybersecurity program performance and risk metrics.
• Guide and support IT, operating assets, and business functions on security requirements, regulatory compliance, and risk mitigation strategies.
• Prepare reports and presentations for executive management, highlighting the organization's cybersecurity posture, compliance status, and risk profile.
• Support the testing and validation of security controls, as directed by the CISO.
• Serve as an Incident Response Commander, as required.
• Work independently with guidance only in complex situations.

QUALIFICATIONS
Experience

• Minimum of eight (8) years of Security and Risk Management experience.
• Strong knowledge of cybersecurity governance, risk management, and compliance frameworks, specifically NIST Cybersecurity Framework (CSF), NIST 800-53, NIST 800-82, and CIS.
• Proficient in developing and implementing cybersecurity policies, procedures, and standards.
• Experience implementing Governance, Risk, and Compliance platforms and modules, preferably ServiceNow.
• Experience defining and executing cybersecurity third-party risk management program.
• Strong analytical and problem-solving skills, with the ability to assess complex cybersecurity risks and develop effective mitigation strategies.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization, including experience presenting to Senior Leadership.
• Experience in program management with the ability to manage multiple initiatives simultaneously.

Education, Training & Certifications

• Bachelor’s degree or equivalent experience in computer science, information systems, cybersecurity, or a related field
• One or more of the following (or comparable) certifications - CRISC, CISA, CISM, GCPM, GSTRT, CISSP

Competencies

The Hess Way of Working refers to competencies considered absolute pre-requisites for success. How you deliver results is as important as what you achieve. Every employee is expected to demonstrate the behaviors within these competencies to be considered an effective performer and, ultimately, earn career growth opportunities.

• Behavioral Expectations:
  • Effectively build trusted relationships
  • Effective communication and interpersonal skills
  • Ability to lead structured meetings with Leadership members
  • Ability to work independently with minimal supervision or with larger team
  • Ability to quickly adapt to new work processes, procedures, and/or requirements
  • Ability to think critically and strategically
  • Ability to identify inefficiencies and seek creative, workable solutions
  • Ability to set priorities, determine actionable steps and deliver the expected result
  • Ability to handle multiple tasks and manage deadlines
  • Highly motivated and self-starter