The Director of Cyber Security & Network Operations will be responsible for the support and operations of systems, processes and technologies that comprise EQT's Corporate and Industrial Control Systems (ICS) networks and for the Cyber Security management program that will help ensure that EQT's information assets are adequately protected.
Duties will include identifying, evaluating and reporting on IT security risks in a manner that meets management's requirements as well as compliance and regulatory requirements while aligning with the risk posture of the enterprise. The successful candidate will proactively work with business units to implement practices that meet defined objectives, policies and standards for information security and will handle the oversight of a variety of IT-related risk management activities.
As leader of the Cybersecurity program, the successful candidate will coordinate resources, while maintaining objectivity and a strong understanding that cyber security is just one of the business's activities. A key element of this position will be partnering with management to determine acceptable levels of risk for the organization.
This individual will also be responsible for leading the Network Operations team, which maintains our network, performs enhancements and upgrades, manages and maintains switches, routers, and firewalls, and works with a diverse team of business IT analysts on new application deployments.
Key responsibilities will include:
Lead and mentor the Manager of Network Operations by providing direction for planning, designing, and implementing Corporate Network solutions and ICS systems and services.
Works with internal business units to identify opportunities to improve business processes through the application of ICS technologies.
Assures proper installation, operation, maintenance and upgrade of company Corporate and ICS networks.
Establishing the vision and implementation roadmap for the EQT Network and Cybersecurity Operations Center (NOC/SOC).
Developing, implementing and monitoring a strategic, comprehensive enterprise Cybersecurity and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled and processed by the organization.
Providing regular reporting on the current status of the information security program to Senior Business leaders and the Board of Directors as part of the enterprise risk management program.
Managing the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in Operational Technology (OT), Industrial Control Systems (ICS) operations and IT operations).
Developing, maintaining and publishing information security policies, standards and guidelines.
Managing security incidents and events.
Monitoring the external threat environment for emerging threats and liaising with external agencies, such as law enforcement or other advisory bodies.
Creating and managing information security and cyber risk management awareness training programs for employees, contractors and approved third-party system users.
Developing and enhancing an information security management framework leveraging the following: COBIT/Risk IT and National Institute of Standards and Technology (NIST), Oil and Gas Cybersecurity Capability Maturity Model (ONG-C2M2).
Creating and managing a unified and flexible control framework to integrate ever-changing requirements resulting from current laws, standards and regulations.
Supporting the organization in the creation of a framework for roles and responsibilities with regard to information ownership, classification, retention, privacy and protection.
Providing strategic risk guidance for IT projects, including the evaluation and recommendation of security architecture and controls.
Facilitating the information security risk assessment, including the reporting and oversight of remediation.
Influencing disaster / cyber recovery policies and standards to align with cyber security program goals. Coordinating the development of implementation plans and procedures to ensure that cyber security services are recovered in the event of a security event.
Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the program.
Bachelor's degree in Information Technology (IT), Computer Science, Business Administration or equivalent experience.
Minimum of 15 years of experience in a combination of information / cyber security, IT and/or IT risk management related positions. At least 10 of those years must be in a senior leadership role.
Minimum of 8 years of experience in a combination of Network Engineering / Network Operations. At least 3 of those years must be in a Network Operations leadership role.
Proven experience in dealing with IT security or IT risk management in the Natural Gas E&P/Midstream industry.
Experience developing and executing information security policies and procedures to meet organizational objectives.
Master's degree in IT or an MBA.
Excellent analytical skills and experience handling multiple projects under strict timelines. Strong project management skills including financial/budget management, scheduling and resource management.
Demonstrated success as the lead security professional at a Fortune 1000 organization.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard, as well as Oil and Gas, local, state or federal laws, standards and regulations.
EOE AA M/F/Vet/Disability