About you:
Join us. Unleash your energy within.
If you have world-class ambitions to reach the stars while keeping your feet on the ground, we’re the team for you. We've created a new breed of company – future-focused with reimagined ambition across all disciplines within the energy sector.
We love people who know their own potential and are not afraid to use it. We know that together, we’re far more than the sum of our parts. So, we celebrate people who want to grow and develop as we work together on some of the largest projects on the energy world stage.
Our purpose and beliefs:
As Kent, we’re tackling the greatest challenge of our time - to bring our world the energy it needs in the most responsible way ever imagined.
It’s the energy of every member of our team driven by our beliefs that is making this happen. Whatever our skill, our language, or our culture. These beliefs define and direct us every day to be the very best - for ourselves, our clients, our key stakeholders, the communities we operate in and the planet:
We PLAY BIG
We thrive on EMOTIONAL AGILITY
We are FANATICAL ABOUT PERFORMANCE
We are built on INFINITE THINKING
Read more about the Purpose, Beliefs and Guiding Principles that drive us: https://kentplc.com/who-we-are/purpose-beliefs
Our vision for Diversity, Inclusion and Belonging:
We recognise that diversity & inclusion are catalysts for success. We’re heightening awareness of the benefits of people diversity, diversity of experiences and diversity of our perspectives, creating a culture of inclusivity where all employees feel a sense of belonging.
Our combined energy is fueled by different nationalities, across 6 continents and 24 countries. Our commitment is to celebrate character – no matter what ethnic background, gender, age, religion, identity, or disability.
About the job:
The Global IT Security and Compliance Director will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The role will provide the vision and leadership necessary to manage the risk to Kent and will ensure business alignment, effective governance, systems integrity, and confidentiality.
As a key leader of Kent’s CDIO office, reporting directly to the Chief Digital and Information Officer, the Global IT Security and Compliance Director focuses on the governance, risk and compliance aspects of security within the business. The role holder shall further develop and maintain information security policies and processes, ensure appropriate technical cyber defence is in place and manage employee security awareness training. This role serves as a critical resource for employees and leaders regarding information security policy implementation, interpretation, and compliance. The role assesses and prioritises information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports monthly on information security metrics and maturity models.
The role is responsible for reducing information security and cybersecurity risk to Kent by helping to prioritize and drive remediation efforts throughout the organization through the following:
- Establishing Cyber Strategy and roadmap
- Establishing and maintaining governance and compliance standards.
- Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Creating, maintaining, communicating, and enforcing information security policies.
- Advising CDIO and senior executive leadership on risk management, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
- Working with technical teams to ensure adequate cyber protection.
- Measuring and driving maturity improvements, adoption and creating security roadmaps
- Chair Kent’s security council.
- The role supports the CDIO and advisory external consultancy on the execution of the Information & Cyber Security Strategy
Your responsibilities:
Governance and Compliance:
- Develops and owns overall security strategy.
- Owns and manages process for Incident Detection, Containment, Analysis and Response.
- Evaluates new cybersecurity threats and IT trends and develops effective security controls.
- Oversees development of security awareness programs.
- Evaluates potential security breaches, coordinates response, and recommends corrective actions.
- Defines and reports on information security metrics.
- Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.
- Develops and oversees effective disaster recovery and BCP policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
- Develops, implements and maintains a monthly security risk reporting framework for management teams and governance committees.
- Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that Kent meets both the requirements and intent of its regulatory and compliance obligations.
- Prepares for and facilitates external audit examinations. Works closely with external auditors and ensures requests are completed in a timely manner.
- Creates and manages an information security program.
Information Security Risk Assessment:
- Identifies, analyses, evaluates, and documents information security risks and controls based on established risk criteria.
- Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
- Recommends controls to mitigate security risks identified via the risk assessment process.
- Communicates risk findings and recommendations that are clear and actionable by business stakeholders.
Security Policy Management and Workforce Training and Awareness:
- Supports workforce security activities including culture, awareness, and training.
- Facilitates collection of evidence to support investigations of possible security or policy violations.
- Analyses information security incidents in collaboration with other stakeholders.
- Coordinates remediation and awareness training.
- Researches, recommends, and contributes to information security policies, standards, and procedures.
- Assists with the lifecycle management of information security policies and supporting documents.
- Works with other organisational participants to implement information security policies.
Third-party Supplier and Vendor Risk Management:
- Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.
- Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
- Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
- Assists with review of information security sections within supplier and client contracts, identifies gaps, and recommends security and data privacy content to close gaps.
Your knowledge/skills, education, and experience:
- Qualification/Certification: Bachelor’s degree from an accredited institution, preferably in Computer Science, Information Technology Systems Security or a related field. Master’s degree preferred.
- Communication: Excellent command of the English language in both oral and written communication skills.
- Core Competencies: Minimum of ten (10) years within the last twelve (12) years of experience in the field related to the title of the position.
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification.
- Knowledge of the Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment.
- Experience in establishing cybersecurity and risk metrics for reporting
- Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
- Demonstrated management skills, e.g. policy development and implementation, personnel administration, staff training and development. Demonstrated ability to work with diverse people; effective oral and written communication skills.
Details about the role:
Location: UK - Must be a current resident
Relocation required: No
Travel required: Yes
Contract type: Permanent
Experience level: 10 years. Director level with ambitions to achieve CISO for a large global organisation