Senior OT Security Analyst

We're hiring a Senior OT Security Analyst to work at our Corporate Office in Houston, Texas while working a hybrid work schedule. Noble is a leading offshore drilling contractor. We own and operate one of the most modern and technically advanced fleets. Noble has been engaged in the contract drilling of oil and gas wells since 1921. Noble performs, through its subsidiaries, contract drilling services with a fleet of offshore drilling units focused largely on ultra-deepwater and high specification jackup drilling opportunities in both established and emerging regions worldwide. Our vision is to be the leading offshore driller by being first choice for employees, customers, and investors. Our mission is drilling to power the world responsibly. The Senior OT (Operational Technology) Security Analyst implements security systems for both on-premises and cloud OT networks. Key duties include assessing current security measures, recommending improvements, identifying vulnerabilities, participating in projects to provide expert security guidance, and responding quickly to security incidents.

RESPONSIBILITIES:

• Understand the organization's technology and OT systems.
• Design and research security architectures.
• Ensure compliance with Noble, customers, and regulatory standards in OT operations.
• Develop and approve requirements for network devices and installations.
• Test, maintain, and upgrade security systems as needed.
• Participate in disaster recovery and conduct security breach drills.
• Respond to security incidents and provide analysis.
• Guide the security team, promote awareness, and arrange ongoing education.
• Stay current on security systems, standards, protocols, and products.
• Establish secure system and application designs aligned with best practices.
• Advise on new initiatives to define and implement necessary security controls.
• Assess security risk and impact of organizational system changes.
• Identify opportunities to standardize and optimize the security stack, leveraging cloud capabilities.
• Monitor industry trends, threats, vulnerabilities, and technologies.
• Make independent decisions and represent leadership when required.
• Support customer audits by preparing evidence and reviewing risk assessments for Noble's rigs.

QUALIFICATIONS:

• Bachelor's Degree or equivalent education in Computer Science, Information Systems, information Security or other Information Technology-related field.
• Additional certifications (CISSP, CASP+ or similar certification required)
• 7 years of related experience in technical security and engineering function, including hands-on experience in: GDPR, NIST 800-53, NIST 800-171, NIST CSF, IEC- 62443
• Provide technical security architecture guidance and oversight to ensure increased security architecture maturity
• Ability to travel15 to 20% as needed.
• Knowledgeable and familiar with security risk assessments - both in evaluating and reviewing assessments conducted by the offshore team
• Ability to conduct a security risk assessment when required.
• Experience with conducting security audits based on standards, preferably IEC-62443
• Articulate issues, risks, and proposed solutions to various levels of staff and management
• Contribute to the development of the security strategy, policy and service delivery objectives and best- practices for the design and delivery of security architecture services
• Maintain processes, standards and policies for the implementation and maintenance of security architecture principles within projects
• Manage multiple enterprise-wide programs simultaneously
• Expected to work with employees from all areas of IT and maintain a good working relationship with them.
• Proficient with interacting with multiple levels and roles within the organization and shall have the ability to apply different strategies to convince others to change their opinions or plans.
• Proficient interpersonal skills with the ability to interact professionally with all levels within the organization

Demonstrated experience in implementing and managing at least 9 of the following security defenses:

• Intrusion detection and prevention systems
• Endpoint monitoring
• Data loss prevention
• Firewalls
• Security Information and Event Management
• Network tabs, traffic aggregators and filters
• Policies, standards, procedures and other forms of documentation
• Cloud architecture, security controls, secure configuration, and deployment
• A sound understanding of emerging threats and industry trends

SUPERVISORY

None

#LI-Hybrid