Cybersecurity Lead OT-International

About Woodside Energy
We know great results come from our people feeling valued, getting the support they need to reach their full potential as well as bring their whole self to work. We also recognise that enduring, meaningful relationships with communities are fundamental to maintaining our licence to operate.
Technology and innovation are essential to our long-term sustainability. We are growing our carbon and new energy businesses using technology to reduce emissions and the carbon footprint of our products. We are working to improving energy efficiency, offset emissions, reduce emissions intensity and explore options for lower-carbon energy. Woodside led the development of the LNG industry in Australia and is applying this same pioneering spirit to solving future energy challenges.
Our global headquarters are based in Perth and our state-of-the-art campus reflects the quality of life Perth is known for - with a six Green Star rating, advanced wellness features and flexibility in how you work.
About the Role:
This role will be accountable for leading the establishment and maturity of Operational Technology governance, assurance and technical stewardship within the International Region. The role will act as the technical authority within the region for OT reference architecture, road maps, policies, standards, guidelines, critical control design, assurance and all associated analysis and improvement activities. Execution of various delivery of projects, maintenance, assurance and operations of the controls may sit with adjacent teams and stakeholders, and the OT lead must be able to influence and collaborate across multiple teams and stakeholders of varying levels.
Duties & Responsibilities:

• Responsible for maintaining and publishing OT cyber security reference architecture, roadmaps, policies, standards and guidelines
• Responsible for delivering OT cyber security architecture assessments, consultations and OT risk assessments.
• Responsible for critical control ownership of cyber security critical control performance standards, maintenance strategy, plans and instructions.
• Responsible for the continual development and improvement of the defensibility of our architectural landscape.
• Responsible for producing and maintaining of OT asset registers and overall knowledge and documentation of the US/Intl OT environments.
• Responsible for identify, measuring, and reporting of the overall OT cyber security risk landscape within the US/International region.
• Responsible for managing any on-site/remote OT cyber security assurance, maintenance or assessment activities, including the management and oversight of any third party vendor support.
• Responsible for working closely with CSOC and cybersecurity platform services delivery teams to ensure architecture designs are effective in terms of its defensibility and security within the Woodside US/Intl IT and OT systems and landscape.

Duties and Responsibilities Cont.

• Responsible to act as subject matter expert of Woodside US/Intl OT environments, systems, risk posture and cyber resilience.
• Responsible for keeping up to date with the changing threat landscape and suite of defender techniques and solutions that exist on the market, proving input into regional cybersecurity roadmap.
• Maintain knowledge and awareness of current and emerging threats and attack vectors of the Woodside environment and help recommend and develop effective controls to detect and protect against those risks.
• Maintain knowledge and awareness of Mitre ATT&CK and specifically Mitre ATT&CK for ICS. This includes awareness of the TTPs of the top 5 known APTs associated with Energy / Oil & Gas companies.
• Maintain knowledge and awareness of industry best practices, standards and frameworks and continuously assess and propose improvements to our internal architecture, roadmaps, policies, standards and guidelines i.e. NIST CSF, NIST 800-53, NIST 800-82, NIST 800-207, NIST 800-160v1, IEC 62443, CIS, ISO 27001, SANS ICS/OT Critical Controls

Skills & Experience:

• 8 years cyber security, IT or OT operational experience desirable.
• 5+ years' experience of designing and delivering large enterprise scale solutions with demonstrated security expertise.
• 5+ years' experience with development and publishing of cybersecurity policies, standards, processes, and procedures.
• Experience in OT, ICS, IEC 61511 Functional Safety, Process Safety and Critical infrastructure environments highly desirable
• Strong communication, organizational skills with good stakeholder management skills.
• Strong solution design and solution documentation skills is a must.
• Strong analytical skills being able to assess risk, perform RCAs and FMEA.
• Strong technical writing skills.
• A strong ability to understand business context and communicate risk and impacts in a clear, concise manner.
• Strong prioritization skills knowing how to prioritize between urgent and important priorities and manage stakeholder expectations.

If you think you can do this job but don't meet all the criteria, that's OK! Please apply. At Woodside, we value people with diverse experiences and backgrounds, as they provide unique perspectives that help us innovate.
Skills and Experience Cont.

• Advanced knowledge of frameworks including NIST CSF, NIST 800-53, NIST 800-82, NIST 800-207, NIST 800-160v1, IEC 62443, CIS, ISO 27001, SANS ICS/OT Critical Controls
• Bachelor degree from an industry recognised university
• Masters degree in Cyber security will be highly desirable
• One or more of the following certifications - CISSP, GICSP, GRID, GCDA, GDSA, TOGAF, ITIL, Microsoft Certified AZ-500, SC-300, AZ-303, AZ-304, AWS Security Specialty, CCIE, CCDE, PS-4
• Mandatory Behavioural and Character traits: Must be results oriented, biased to action, embody strong sense of ownership. Exhibit grit, able to embrace and quickly adapt to change, resilient and determined in overcoming challenges. Strong interpersonal and influencing skills. Demonstrates self-awareness and adapts style to connect with others. Have a growth mindset, approach problems in a principled manner adopting an ideas meritocratic approach.

• Advanced knowledge of frameworks including NIST CSF, NIST 800-53, NIST 800-82, NIST 800-207, NIST 800-160v1, IEC 62443, CIS, ISO 27001, SANS ICS/OT Critical Controls
• Bachelor degree from an industry recognised university
• Masters degree in Cyber security will be highly desirable
• One or more of the following certifications - CISSP, GICSP, GRID, GCDA, GDSA, TOGAF, ITIL, Microsoft Certified AZ-500, SC-300, AZ-303, AZ-304, AWS Security Specialty, CCIE, CCDE, PS-4
• Mandatory Behavioural and Character traits: Must be results oriented, biased to action, embody strong sense of ownership. Exhibit grit, able to embrace and quickly adapt to change, resilient and determined in overcoming challenges. Strong interpersonal and influencing skills. Demonstrates self-awareness and adapts style to connect with others. Have a growth mindset, approach problems in a principled manner adopting an ideas meritocratic approach.

• Advanced knowledge of frameworks including NIST CSF, NIST 800-53, NIST 800-82, NIST 800-207, NIST 800-160v1, IEC 62443, CIS, ISO 27001, SANS ICS/OT Critical Controls
• Bachelor degree from an industry recognised university
• Masters degree in Cyber security will be highly desirable
• One or more of the following certifications - CISSP, GICSP, GRID, GCDA, GDSA, TOGAF, ITIL, Microsoft Certified AZ-500, SC-300, AZ-303, AZ-304, AWS Security Specialty, CCIE, CCDE, PS-4
• Mandatory Behavioural and Character traits: Must be results oriented, biased to action, embody strong sense of ownership. Exhibit grit, able to embrace and quickly adapt to change, resilient and determined in overcoming challenges. Strong interpersonal and influencing skills. Demonstrates self-awareness and adapts style to connect with others. Have a growth mindset, approach problems in a principled manner adopting an ideas meritocratic approach.

Recognition & Reward:
What you can expect from us:

• Commitment to your ongoing development, including on-the-job opportunities, formal programs, coaching and mentoring
• Industry-leading 18 weeks' paid parental leave for primary carer, and maintenance of superannuation or retirement benefits at the current rate during any period of unpaid parental leave for up to 24 months (plus secondary carer leave entitlements)
• Values led culture
• Active employee community groups for gender equality, reconciliation between Indigenous and non-Indigenous Australians, and LGBTI+ staff and allies, and Neurodiversity
• Community volunteering opportunities
• Relocation assistance (if required)
• A competitive remuneration package featuring performance-based incentives and above-industry superannuation contributions

Woodside is committed to fostering an inclusive and diverse workforce culture, which is supported by our Values. Our aim is to attract, develop and retain a truly diverse and high-performing workforce.
Diversity encompasses differences in age, nationality, race, ethnicity, national origin, religious beliefs, sex, sexual orientation, intersex status, gender identity or expression, relationship status, disability, neurodiversity, cultural background, thinking styles, experience, family background, including caregiving commitments, and education. Inclusion centres on all employees creating a climate of trust and belonging, where people feel comfortable to bring their whole self to work.
We offer supportive pathways for all employees to grow and develop leadership skills. We encourage applications from Aboriginal and Torres Strait Islander people and those seeking a more flexible working environment, including part-time opportunities
Applications close at 11:59pm AWST on January 23 2024.
Click APPLY to submit your application
Please note Woodside Energy will only accept direct candidate applications. We do not accept applications from Recruitment Agencies.