11 Cybersecurity Governance, Risk and Compliance Lead Jobs in Houston, TX

Macquarie Group Limited
Houston, TX | Full Time
$102k-127k (estimate)
1 Week Ago
Weatherford
Houston, TX | Full Time
$146k-181k (estimate)
6 Days Ago
Seadrill
Houston, TX | Full Time
$152k-184k (estimate)
1 Week Ago
Seadrill
Houston, TX | Full Time
$151k-183k (estimate)
2 Months Ago
Sempra LNG
Houston, TX | Full Time
$95k-123k (estimate)
2 Weeks Ago
US11345-AIRGAS Airgas USA, LLC
Houston, TX | Full Time
$88k-113k (estimate)
1 Month Ago
Hansen Adkins Auto Transport
Houston, TX | Full Time
$94k-122k (estimate)
2 Months Ago
Harbor Healthcare System
Houston, TX | Full Time
$97k-127k (estimate)
8 Months Ago
Origin Bank
Houston, TX | Full Time
$113k-149k (estimate)
1 Week Ago
Cybersecurity Governance, Risk and Compliance Lead
Seadrill Houston, TX
$151k-183k (estimate)
Full Time | Business Services 2 Months Ago

Seadrill is Hiring a Cybersecurity Governance, Risk and Compliance Lead Near Houston, TX

As our Cybersecurity GRC Lead, you will be instrumental in identifying and assessing cybersecurity risks, developing robust policies and procedures, and ensuring compliance with relevant laws, contracts, regulations, and standards. You will work closely with various internal stakeholders, including IT, Internal Controls, Quality and Enterprise Risk, Legal, and Compliance teams, to integrate cybersecurity best practices into all aspects of our business.
Additionally, you will serve as the focal point for all cybersecurity-related audits, including SOX, ISM, internal audits, and others. In this capacity, you will coordinate audit activities, ensure readiness, manage responses to audit findings, and oversee the implementation of audit recommendations. Your role will be pivotal in maintaining transparency and accountability in our cybersecurity practices, ensuring they withstand the scrutiny of both internal and external audit processes.
Your expertise will not only safeguard our organization from digital threats but also foster a culture of cybersecurity awareness and compliance. Your strategic approach to risk management, combined with your ability to communicate complex cybersecurity concepts to diverse audiences, will play a vital role in strengthening our cybersecurity posture and supporting our overall business objectives.
JOB SPECIFIC RESPONSIBILITIES

Governance: implement clear guidelines, policies, and standards to ensure that IT systems and data are used and secured properly. Establish best practices and protocols to ensure that all IT activities align with Seadrill’s goals and objectives. Key activities:

  • Directive Development: Creating and reviewing directives for OT and IT security.
  • Support on Cyber Strategic Planning: Aligning IT security strategies with business objectives and ensuring adequate resources.
  • Performance Measurement: Using metrics and KPIs to assess the effectiveness of cybersecurity measures, and KRIs to help predict and monitor potential future risks.
  • Risk Management Integration: Incorporating cybersecurity risk management into overall business risk strategies.
  • Awareness, Training and Education: Educating employees about cybersecurity policies and best practices and raising awareness. Own the security awareness program and ensure the workforce is properly trained and educated. Measure the effectiveness of awareness, training, and education programs.

Risk Management: focus on identifying, assessing, and mitigating risks that could potentially harm Seadrill’s assets, reputation, or stakeholders. Understanding the threats to IT infrastructure and data and taking appropriate measures to reduce these risks to an acceptable level. Key activities:

  • Risk Assessment: Identifying and evaluating risks associated with IT systems and data.
  • Risk Mitigation Planning: Developing strategies to address identified risks, such as implementing security controls.
  • Continuous Monitoring: Regularly reviewing and updating risk assessments to address new threats.

Compliance: ensure that Seadrill adheres to laws, regulations, and standards relevant to its industry and operations. This includes adherence to regulations like GDPR, LGPD, SOX, SEC Cyber Disclosure, etc. Key activities:

    • Regulatory Compliance: Understanding and adhering to legal, contractual and regulatory requirements.
    • Standards Compliance: Following industry standards such as NIST CSF, IEC 62443, ISO 27001, IADC Cybersecurity Guidelines.
    • Audits and Assessments: Serve as the central contact for all cybersecurity-related audits at Seadrill. Cataloging all audits applicable to Seadrill, comprehending their specific requirements. Streamlining the processes for gathering audit evidence, aiming to efficiently meet auditor requirements. Proactively anticipating the needs and questions of auditors to facilitate smoother audit engagements. Exploring and evaluating a GRC tool to enhance future compliance tracking and management. Overseeing or assisting in the conduct of audits, both to verify adherence to internal policies and to ensure compliance with external regulations.

Cybersecurity Program Management: oversee the projects that are part of our program and ensure all projects within the cybersecurity umbrella are effectively aligned, executed, and delivered. Key activities:

    • Project Coordination and Management: Oversee various cybersecurity projects, from inception to completion, following Seadrill Project Delivery Framework (PDF).
    • Ensure that projects are completed on time, within scope, and budget.
    • Stakeholder Communication: Act as the central point of communication for all cybersecurity projects. Regularly update stakeholders, including executive leadership and department heads, on project progress, risks, and milestones.
    • Performance Tracking and Reporting: Monitor and report on the progress of cybersecurity projects.


    SAFETY AT SEADRILL

    Our goal is to ensure that ‘nobody gets hurt’ whilst performing their job. Everyone at Seadrill has a part to play in meeting our safety commitment.
    Through strong leadership and personal responsibility from all employees, we take a systematic approach to identifying, managing and preventing the hazards involved in our day to day operations. Nothing is more important to us than the health, safety and security of our workforce and the communities in which we operate and behaving responsibly towards our shared environment. We are vigilant, disciplined and always looking out for one another. We have developed and embedded a strong safety culture onshore and offshore, fostered by all employees, who each have a personal responsibility and the authority to put an immediate stop to the job if they believe it to be unsafe. Everyone at Seadrill is accountable for helping to build this culture of care.
    SEADRILL BEHAVIORAL FRAMEWORK
    In Seadrill, setting the standard is not just about what we deliver, but how we deliver it.
    We co-created our Behavioral Framework with our employees, where we identified four key competencies that define our culture and help us to live our values. Our behaviors are embedded in the way we work and support and guide us day to day:

    • Drive & Ownership
    • Change & Forward Thinking
    • Communication & Collaboration
    • Service Delivery

    KNOWLEDGE, SKILLS AND EXPERIENCE

    • At least 3-5 years' experience in an information security role and a demonstrated clear understanding of security-related issues.
    • Experience in security controls design and operation.
    • Experience in conducting risk assessments.
    • Knowledge of ISO27001/2.
    • Knowledge of Sarbanes Oxley.
    • Knowledge of Data Privacy.


    Soft skills:

    • Strong ownership of tasks and issues through to resolution (must demonstrate tenacity and persistence).
    • Excellent communication skills, relationship building and interpersonal skills.
    • Strong analytical skills.
    • Able to multi-task and prioritize workload and a strong capability to manage and deliver multiple engagements simultaneously.
    • Self-motivated and the ability to work under own initiative, with the ability to work individually and as part of a team.


    Desired Certifications

    • CISSP - Certified Information Systems Security Professional
    • CISM – Certified Information Security Manager
    • CRISC – Certified in Risk and Information Systems Control
    • ITIL Foundation or higher certification


    EDUCATION AND QUALIFICATIONS

    Degree or equivalent experience in computer science, networking, engineering or another computer-related field (Higher degree preferred)
    BSc or MSc degree in Information Security.
    JOIN SEADRILL
    We value our people and want to retain them, so we offer a competitive package built around an attractive base salary and a range of benefits tailored to your location.
    Join Seadrill. Own the Opportunity.

Job Summary

JOB TYPE

Full Time

INDUSTRY

Business Services

SALARY

$151k-183k (estimate)

POST DATE

03/05/2024

EXPIRATION DATE

06/02/2024

WEBSITE

seadrill.com

HEADQUARTERS

HOUMA, LA

SIZE

1,000 - 3,000

FOUNDED

1972

CEO

IAIN HOPE

REVENUE

$200M - $500M

INDUSTRY

Business Services

About Seadrill

From shallow to ultra-deep water, in both harsh and benign environments, we are setting the standard in offshore drilling. We safely unlock oil and gas resources for our customers, helping them to deliver energy around the world. Seadrill is listed on the Oslo Stock Exchange.


Seadrill
Full Time
$182k-240k (estimate)
3 Weeks Ago
Seadrill
Full Time
$149k-187k (estimate)
3 Weeks Ago
Seadrill
Full Time
$144k-176k (estimate)
3 Weeks Ago