ConocoPhillips is the world's largest independent E&P company based on production and proved reserves. Headquartered in Houston, Texas, ConocoPhillips had operations and activities in 16 countries, $70 billion of total assets, and approximately 10,800 employees as of Dec. 31, 2018. Production excluding Libya averaged 1,242 MBOED in 2018, and preliminary proved reserves were 5.3 billion BOE as of Dec. 31, 2018.
Employees across the globe focus on fulfilling our core SPIRIT Values of safety, people, integrity, responsibility, innovation and teamwork. And we apply the characteristics that define leadership excellence in how we engage each other, collaborate with our teams, and drive the business.
The Information Security Analyst is a key member of the organization's Information Risk Management Program and of the Information Security team. The Information Security Analyst works closely with the other members of the team to develop and implement the information security program. This includes defining security policies, processes and standards. The Information Security Analyst works with members of the global IT organization to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.
This position can be located in either Bartlesville, OK or Houston, TX.
Responsibilities may include:
Works with ConocoPhillips business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
Business system analysis
Communication, facilitation and consensus building
Assists in the coordination and completion of information security operations documentation
Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks
Reports to ConocoPhillips management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure security controls are implemented as planned
Collaborates on critical IT projects to ensure security issues are addressed throughout the project life cycle
Works with ConocoPhillips IT department and members of the information security team to identify, select and apply technical controls
Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained
Advises security administrators on normal and exception-based processing of security authorization requests
Depending on the scope of the role, the information security analyst may be asked to fulfill on one or more of the following duties.
Definition and Implementation of Controls
Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment
Governance and Policy Support
Works within the information security governance process to define control recommendations that are both efficient and effective
Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes
Information Security Architecture Support
Assists in the development of security architecture and security policies, principles and standards
Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
Legally authorized to work in the United States
5 years of IT or network security experience
3 years of experience performing risk, business impact, control and vulnerability assessments
1 years of experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks
1 years of experience in developing, documenting and maintaining security policies, processes, procedures and standards
Advanced knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
Advanced knowledge of risk assessment methods and technologies
Advanced knowledge of business applications, including ERP and financial systems
Advanced knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools
Intermediate knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts
Willing and able (with or without reasonable accommodation) to travel 25% of the time
Bachelor's degree or higher in Computer Science, Information Systems, Information Technology, Management Information Systems or related technical discipline
CISSP or other equivalent certification
3 years of experience in developing, documenting and maintaining security policies, processes, procedures and standards
Intermediate experience with Audit, compliance or governance
Takes ownership of actions and follows through on commitments by courageously dealing with important problems, holding others accountable, and standing up for what is right
Delivers results through realistic planning to accomplish goals
Generates effective solutions based on available information and makes timely decisions that are safe and ethical
To be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of March 26, 2019.
Candidates for this U.S. position must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a) (1). Individuals with temporary visas such as A, B, C, D, E, F, G, H, I, J, L, M, NATO, O, P, Q, R or TN or who need sponsorship for work authorization in the United States now or in the future, are not eligible for hire.
ConocoPhillips is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity or expression, genetic information or any other legally protected status.