Accessibility Links
  • Job reference: RMS0145602

Local Information Security Officer

  • Sector: ICT
  • Location: London
  • Job type: Contract
  • Date posted: 03/10/2014
  • Time left:
    d h m s
    (20/10/14)
This vacancy has now expired.
Send jobs like this to my email    What's this?
The Role:
The E&P Local Information Security Officer (LISO) is tasked with developing, running and maintaining the Information Security Management System (ISMS) within E&P. The position co-ordinates and reconciles issues relating to information security, and acting in an advisory capacity where required. Tasks of the LISO include the developing and managing of local policies, managing third parties as well as the identification, classification and evaluation of critical assets from an information security risk perspective.

The remit of the LISO comprises three pillars of information security protection:
(1) CIT - commercial and office IT varying from end user PCs to data centres
(2) PIT - process IT systems e.g. offshore infrastructure
(3) NON-IT - non-it information for instance on documents & communication

Organisation Structure:
The LISO
• Functionally reports to the E.ON Group ISO based in Dusseldorf
• Operationally reports to the E&P General Manager IT in Stavanger/London

Job Requirements

Manage and direct ISMS activities for the company's E&P.
• Create and maintain an inventory of key business processes, of information that is important from a business perspective, or in terms of legal or regulatory requirements or other perspectives, and of underlying resources (IT applications and infrastructure) for PIT and CIT and their owners (partly in cooperation with the IT service provider),
• Manage (with the participation of business representatives, providers, etc.) the annual classification of the protection requirements of information and resources (i.e. mainly for Business Applications, Process IT resources and Non-IT resources),
• Manage the annual risk analysis (with the participation of business representatives, providers, etc.), the interface to German Control and Transparency in Enterprises Act (KonTraG) with respect to information security risks, create and maintain risk overview reports,
• Ensure information security requirements are factored in to programmes and projects
• Manage and maintain an up-to-date picture of security threats and vulnerabilities
• Plan and manage measures to improve information security,
• Ensure adherence to / with GP3-19 compliance management and reporting, including interface to E.ON’s Internal Control System (ICS),
• Produce and coordinate EON E&P wide directives, processes, policies and procedures for information security,
• Participate in Group-wide working groups on information security and the Information Security Manager Meeting,
• Manage information security incidents,
• Advice E&P crisis management team,
• Promote staff awareness of information security issues within E&P,
• Manage authorizations of information security exceptions for E&P and its associated business units,
• Ensure information security requirements are adhered to by third party service providers
• Prepare regular reports about the information security situation of E&P,
• Act as a point of contact and source of advice on issues related to information security of E&P and its associated business units,
• Maintain schedule of legal requirements and monitor legal developments,
• Coordinate with interface functions within the E&P business,
• Provide input to and support IT disaster recovery and business continuity planning initiatives
• Maintain contact with relevant regional associations, government agencies (e.g. Petroleum Safety Authority, Petroleum Directorate and equivalent across the E&P foot print), forums, etc.

Essential Skills / Qualifications:
• Excellent understanding of Oil and Gas company business processes , applicable laws and regulations.
• Formal Education and Degree qualifications in IT, Information security or risk management or similar.
• Proven skills and experience in Information Security and Risk Management.
• Familiar with Information Security Standards (ISO 27000 etc.)
• Project management experience and analytical skills.
• Good understanding of technology and practical implications for the users.
• Excellent communication and interpersonal skills, successful outcomes from conflicting interests/priorities.
• Excellent written and oral presentation skills with the ability to produce clear and concise reports and communications to internal and external stakeholders.
• Willing and able to frequent travel within Germany, UK, Norway, and occasionally other locations.
Similar jobs
Ecommerce Operations Manager Location Home Based Duration permanent The Role: Must have at least 5+ years experience as an...
Ahmed Jamal Khan
Regional Sales Manager (Devices - Tablets/PCs) Location Home Based Duration permanent The Role: RESPONSIBILITIES: - Responsible for Laptop/Tablet...
Fuad Mirzayev
Programmer 1C Location Tbilisi Duration 1 year The Role: * Participation in projects on automation of...

Back to Top

By clicking "Save" you consent to
receiving matching jobs based on the
job/page you are viewing by email from
Fircroft, as detailed in our privacy policy
Fircroft would like to keep you up to date with our current vacancies and latest company updates via email. Occasionally Fircrofts marketing may contain 3rd party or affiliate information, however we will not share your personal data with any 3rd parties without your consent. From time to time, we might contact you to get your views on the service you have received. To help you get the best out of Fircroft, we may personalise them based on your location and how you use fircroft.com
Fircroft would like to keep you up to date with the latest company updates and vacancies via SMS / Text messages
Your consent options above means that Fircroft cannot contact you about any new or alternative career vacancies. If you want Fircroft to only contact you about the role(s) you have applied for please continue, however if you would like to be considered for other positions please allow us to contact you by changing one or more of the above consent.