Information Security Analyst

ConocoPhillips, Houston, TX 77020

Posted 1 week ago

Our Company

ConocoPhillips is the world's largest independent E&P company based on production and proved reserves. Headquartered in Houston, Texas, ConocoPhillips had operations and activities in 16 countries, $70 billion of total assets, and approximately 10,800 employees as of Dec. 31, 2018. Production excluding Libya averaged 1,242 MBOED in 2018, and preliminary proved reserves were 5.3 billion BOE as of Dec. 31, 2018.

Employees across the globe focus on fulfilling our core SPIRIT Values of safety, people, integrity, responsibility, innovation and teamwork. And we apply the characteristics that define leadership excellence in how we engage each other, collaborate with our teams, and drive the business.


The Information Security Analyst is a key member of the organization's Information Risk Management Program and of the Information Security team. The Information Security Analyst works closely with the other members of the team to develop and implement the information security program. This includes defining security policies, processes and standards. The Information Security Analyst works with members of the global IT organization to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

This position can be located in either Bartlesville, OK or Houston, TX.

Responsibilities may include:

Primary Duties

  • Works with ConocoPhillips business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:

  • Business system analysis

  • Communication, facilitation and consensus building

  • Assists in the coordination and completion of information security operations documentation

  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks

  • Reports to ConocoPhillips management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance

  • Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure security controls are implemented as planned

  • Collaborates on critical IT projects to ensure security issues are addressed throughout the project life cycle

  • Works with ConocoPhillips IT department and members of the information security team to identify, select and apply technical controls

  • Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained

  • Advises security administrators on normal and exception-based processing of security authorization requests

Additional Duties

Depending on the scope of the role, the information security analyst may be asked to fulfill one or more of the following duties.

Definition and Implementation of Controls

  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems

  • Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment

Governance and Policy Support

  • Works within the information security governance process to define control recommendations that are both efficient and effective

  • Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes

Information Security Architecture Support

  • Assists in the development of security architecture and security policies, principles and standards

  • Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required


  • Legally authorized to work in the United States

  • 5 years of IT or network security experience

  • 3 years of experience performing risk, business impact, control and vulnerability assessments

  • 1 year of experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks

  • 1 year of experience in developing, documenting and maintaining security policies, processes, procedures and standards

  • Advanced knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

  • Advanced knowledge of risk assessment methods and technologies

  • Advanced knowledge of business applications, including ERP and financial systems

  • Advanced knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools

  • Intermediate knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts

  • Willing and able (with or without reasonable accommodation) to travel 25% of the time


  • Bachelor's degree or higher in Computer Science, Information Systems, Information Technology, Management Information Systems or related technical discipline

  • CISSP or other equivalent certification

  • 3 years of experience in developing, documenting and maintaining security policies, processes, procedures and standards

  • Intermediate experience with audit, compliance or governance

  • Takes ownership of actions and follows through on commitments by courageously dealing with important problems, holding others accountable, and standing up for what is right

  • Delivers results through realistic planning to accomplish goals

  • Generates effective solutions based on available information and makes timely decisions that are safe and ethical

To be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of March 26, 2019.

Candidates for this U.S. position must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a)(1). Individuals with temporary visas such as A, B, C, D, E, F, G, H, I, J, L, M, NATO, O, P, Q, R or TN, or who need sponsorship for work authorization in the United States now or in the future, are not eligible for hire.

ConocoPhillips is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity or expression, genetic information or any other legally protected status.

