Information Security & Data Governance Lead (US)

• Posted 1 day ago • Updated 1 day ago
Full Time
On-site

Job Details

Skills

  • Risk Assessment
  • Cloud Computing
  • Incident Management
  • Security Controls
  • Privacy
  • Data Quality
  • Lifecycle Management
  • Training
  • Information Security Governance
  • Risk Management
  • Reporting
  • Leadership
  • Change Management
  • Information Security
  • IT Governance
  • Data Governance
  • Data Security
  • ISO/IEC 27001:2005
  • Auditing
  • Energy
  • CISSP
  • CISM
  • ISACA
  • CISA
  • ServiceNow
  • SAP GRC
  • RSA
  • EMC RSA Archer
  • EHS
  • HSE
  • Standard Operating Procedure
  • Cyber Security
  • SAFE
  • Regulatory Compliance
  • Analytical Skill
  • Stakeholder Engagement
  • Communication
  • Accountability
  • Continuous Improvement
  • Management

Summary

Principal Accountabilities

Information Security

  • Develop, implement, and maintain information and cyber security policies, standards, and procedures
  • Ensure alignment with recognized frameworks (ISO 27001, NIST CSF, CIS Controls)
  • Conduct risk assessments across IT, cloud, and Operational Technology (OT) environments
  • Support incident response planning and continuous improvement of security controls
  • Embed secure-by-design principles into infrastructure and operational systems

Data Governance

  • Establish and maintain an enterprise data governance framework
  • Define and enforce data classification, handling, retention, and protection standards
  • Ensure compliance with international data protection regulations including GDPR, UK Data Protection Act, and applicable US privacy laws
  • Promote data ownership, stewardship, and accountability across business units
  • Support data quality, integrity, and lifecycle management

Compliance & Regulatory Oversight

  • Ensure compliance with applicable cybersecurity, data governance, and energy sector regulations
  • Lead and support internal and external audit activities, including evidence collection and remediation tracking
  • Maintain enterprise risk registers and compliance reporting
  • Continuously monitor global cyber and data regulatory changes
  • Assess impact of regulatory developments and update internal policies, standards, and procedures accordingly
  • Ensure compliance is maintained across all regions of operation

Cybersecurity Awareness & Training

  • Design and deliver enterprise cybersecurity awareness programmes
  • Conduct phishing simulations and risk-based awareness campaigns
  • Tailor training for corporate and operational (OT) environments
  • Measure effectiveness and drive continuous improvement in user behaviour

Governance & Advisory

  • Act as subject matter expert and advisor on security, governance, and compliance matters
  • Administer and support third-party/vendor risk management programme
  • Provide reporting and insights to leadership on security posture, regulatory changes, and risk exposure
  • Contribute to the continuous improvement of governance, risk, and compliance (GRC) capability
  • Member of change management board and contributor to change management process

Qualifications and Experience

Required

  • Significant experience in information security, cybersecurity GRC, or IT governance roles
  • Proven experience implementing data governance frameworks
  • Strong understanding of international data protection and cybersecurity regulations
  • Experience working within regulated environments
  • Familiarity with ISO 27001, NIST, or equivalent frameworks
  • Experience supporting audit and compliance processes

Desired

  • Experience in the energy, utilities, or critical infrastructure sector
  • Exposure to Operational Technology (OT) environments
  • Professional certifications (e.g., CISSP, CISM, CRISC, CISA, CDMP)
  • Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream)

HSE Responsibilities

  • Stop work by challenging and stopping unsafe acts and behaviours or unsafe conditions.
  • Comply with Standard Operating Procedures defined in Responsibilities above, and company STOP WORK system.
  • Ensure that cybersecurity considerations support safe and reliable operational environments, particularly within OT systems

Competencies

  • Risk & Compliance Expertise: Strong understanding of regulatory and governance frameworks
  • Analytical Thinking: Ability to assess and mitigate complex risks
  • Stakeholder Engagement: Ability to influence across technical and business teams
  • Communication: Clear communication of technical and regulatory requirements
  • Autonomy: Operates independently with accountability for outcomes
  • Continuous Improvement: Proactively adapts to changing regulatory and threat landscapes

Any Other Information

  • This is a senior individual contributor role with no direct reports
  • The role operates across multiple jurisdictions with varying regulatory requirements

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 90922487
  • Position Id: 24458368