IT Security Analyst

Position Summary

The IT Security Analyst is responsible for the administration and design of Chord Energy’s IT security systems and will lead the efforts to continuously improve the Company’s IT security program. This position maintains a high level of security for all aspects of the Company’s IT environment, participating in the design of security solutions to protect Company assets. This role will lead the installation, administration and maintenance of company IT security solutions and will partner with IT leadership and outside expertise, with the development of security vulnerability mitigation strategies and security compromise remediation and recovery playbooks. This position is located in downtown, Houston. Hybrid work schedule is an option for remote work on Mondays and Fridays. Level and salary commensurate with experience.

Essential Job Functions
•    Assess and coordinate IT-related security risks to the Company
•    Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization
•    Identify and address potential, successful, and unsuccessful intrusion attempts and compromises
•    Perform thorough reviews and analyses of relevant security events 
•    Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
•    Recommend security tools and associated budget requirements for the organization
•    Perform vulnerability assessments and report on IT security risk levels to management
•    Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments 
•    Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud
•    Act as primary contact for third-party security operations center partners for all functions
•    Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.)
•    Participate in regular table-top exercises focused on remediation and recovery of IT systems/data compromise
•    Coordinate security incident management and remediation efforts
•    Facilitate Company security training program and any remedial security process education for Company personnel
•    Ensure IT personnel can assist with security program implementation and management of security solutions and tasks
•    Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security
•    Act as a point of contact with the Company’s Enterprise Risk Management team
•    Respond to IT security questions from both Internal and External Audit teams
•    Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current
•    Promote awareness of applicable regulatory standards, risks, and industry best practices
•    Lead projects, including solution validation, project definition, and deliverable implementation
•    Adhere to and enforce Company security policies  
•    Assist with department technology planning

•    Ability to work in a fast-paced and fluid environment; flexible with the demands of a growing company

•    Ability to meet deadlines
•    Ability to travel to field offices
•    On call rotation

This job description is not intended to be an all-inclusive list of duties and responsibilities of the position. Incumbents will be required to follow any other job-related instructions and duties outside of their normal responsibilities as assigned by their supervisor.

Minimum Qualifications
•    Bachelor’s Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience) 
•    3 years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.)
•    3 years of experience in administering IT security controls in an organization

•    Experience in documenting and tracking issues within Jira or other IT ticketing systems
•    Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks
•    Experience with IPS/IDS, SIEM, IAM and other IT security technologies
•    Proficient communication skills at all levels
•    Proficient time management skills
•    Ability to learn new technical concepts quickly and readily
•    Ability to work in a team environment, as well as on an individual, unsupervised basis
•    Physical Requirements and Working Conditions:  Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer, stamina to maintain attention to detail despite interruptions, strength to lift and carry equipment weighing up to 50 pounds, Ability to stand for long periods of time and walk office floors; vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone. 

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Preferred Qualifications
•    Experience working within an upstream Oil and Gas organization 
•    Experience with IOT and SCADA 
•    Knowledge of Sarbanes-Oxley guidelines
•    Project management skills
•    Windows workstation and server administration 
•    Experience performing security reviews and risk assessments 

EEO Statement:

Chord Energy does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.