JOB DESCRIPTION / ROLE
Petrofac overview
Petrofac is a leading international service provider to the energy industry, with a diverse client portfolio including many of the world's leading energy companies.
We design, build, manage and maintain infrastructure for our clients. We recruit, reward, and develop our people based on merit regardless of race, nationality, religion, gender, age, sexual orientation, marital status or disability. We value our people and treat everyone who works for or with Petrofac fairly and without discrimination.
The world is re-thinking its energy supply and energy security needs; planning for a phased transition to alternative energy sources. We are here to help our clients meet these evolving energy needs. This is an exciting time to join us on this journey.
We support flexible working requests and have adopted a hybrid approach for most of our office-based roles. We ask employees to be present in the office at least three days per week.
Are you ready to bring the right energy to Petrofac and help us deliver a better future for everyone?
Key responsibilities
- We are seeking a highly experienced and strategic Head of Cybersecurity to lead and manage the cybersecurity function across the enterprise. This role is responsible for ensuring the organization remains secure from cyber threats, compliant with relevant standards and regulations, and resilient against emerging risks. The ideal candidate will be a visionary leader providing both strategic direction and technical leadership, ensuring the integration of cybersecurity controls across all digital and operational initiatives.
- This role will also be responsible for managing cybersecurity across all global offices, data centres, and operational locations, and for leading a geographically dispersed remote cybersecurity team.
- Develop a cybersecurity vision and strategy that is aligned to organisational priorities and enables and facilitates the organisation's business objectives, ensuring senior stakeholder buy-in and mandate.
- Incorporate AI-driven cybersecurity strategies into the overall strategy to improve the efficiency and effectiveness of security operations.
- Create the necessary internal networks among the cybersecurity team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment to the cybersecurity vision and strategy.
- Develop, implement and monitor a strategic, comprehensive cybersecurity program to ensure appropriate levels of confidentiality, integrity, and availability of information assets owned, controlled or processed by the organization as well as meeting safety, privacy, reliability, and resilience requirements as needed.
- Work effectively with business units to facilitate cybersecurity risk assessment and risk management processes and empower them to make the right decisions that fall within the risk appetite of their organisation.
- Lead the cybersecurity team, providing mentorship, strategic direction, and performance oversight.
- Determine the cybersecurity approach and operating model in consultation with stakeholders (within IT and across the organisation) and align with the risk management approach and compliance monitoring of non-digital risk areas.
- Ensure the cybersecurity approach and operating model provides business agility and fosters a risk management philosophy.
- Manage a geographically dispersed cybersecurity team, ensuring consistent global standards and coordination.
- Create and manage a unified and flexible, risk-based control framework and governance model to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations.
- Ensure ongoing compliance with ISO/IEC 27001, Cyber Essentials, IT General Controls (ITGC), and customer/regulatory cybersecurity requirements.
- Manage internal and external audits and maintain required cybersecurity certifications.
- Provide regular reporting on the current status of the cybersecurity program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Direct the creation of a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences, creating a cyber-savvy culture.
- Oversee 24x7 security monitoring, threat detection, and incident response.
- Lead major incident response efforts and conduct in-depth reviews and analysis of cybersecurity breaches to identify root causes, lessons learned, and improvements to strengthen future resilience.
- Ensure secure design and architecture of all IT and OT systems, embedding cybersecurity controls into all new implementations, digital and AI transformation projects.
- Manage enterprise-wide vulnerability management programs.
- Drive cybersecurity initiatives across both IT and OT environments.
- Ensure compliance with IEC 62443, NIST SP 800-82, and other relevant industrial cybersecurity frameworks.
- Manage cybersecurity across global enterprise locations, ensuring coordination with regional IT/OT leads and compliance with local regulations.
- Lead the implementation and operation of technologies such as SIEM, EDR/XDR, PAM, DLP, and other advanced threat detection tools.
- Ensure data protection and privacy compliance, including implementation of technical controls to meet GDPR and other applicable privacy laws.
- Collaborate with compliance and legal teams on the technical aspects of privacy requirements and support data subject rights.
- Roll out and manage enterprise-wide Data Loss Prevention (DLP) solutions to prevent data leakage and protect sensitive information.
- Manage and collaborate with cybersecurity partners and suppliers to ensure the organisation is adopting best practice and staying abreast of the latest cybersecurity risks and associated mitigations.
- The role requires a robust set of problem-solving skills to effectively manage and oversee these responsibilities, including analytical thinking, strategic planning, decision-making, communication, conflict resolution, and influencing.
- Accountable for the cybersecurity budget, ensuring it supports the business goals whilst meeting cost optimisation targets.
Essential qualifications and skills
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Several years of experience in cybersecurity with at least 5 years in a leadership capacity.
- Proven experience handling major cybersecurity incidents and breaches.
- Strong understanding of enterprise IT and OT security operations.
- Experience managing cybersecurity in large, global organizations.
- Expertise in cybersecurity frameworks including ISO 27001, NIST SP 800-82, IEC 62443, ITGC, and Cyber Essentials.
- Experience implementing and operating cybersecurity tools and technologies (SIEM, EDR/XDR, PAM, DLP).
- Proficient in cloud security, especially within Microsoft Azure environments.
- Excellent interpersonal and conflict resolution skills.
- Strong analytical thinking, problem-solving skills, and decision-making capabilities.
- CISSP - Certified Information Systems Security Professional.
- CISM - Certified Information Security Manager.
- CISA - Certified Information Systems Auditor.
- GIAC - Global Information Assurance Certification.
- Microsoft Certified: Azure Security Engineer Associate.
- GICSP - Global Industrial Cyber Security Professional or equivalent OT security certification.
ABOUT THE COMPANY
Petrofac is an international provider of facilities solutions to the oil & gas production and processing industries.
Petrofac delivers services through seven business units: Engineering & Construction, Engineering & Construction Ventures, Engineering Services, Offshore Engineering & Operations, Training, Production Solutions and Energy Developments.
Through these businesses, Petrofac designs and builds oil & gas facilities; operates, maintains and manages facilities and trains personnel; enhances production; and, where it can leverage its service capability, develops and co-invests in upstream and infrastructure projects.
Petrofac’s range of services meets its customers’ needs across the full life cycle of oil & gas assets.