What are the responsibilities and job description for the Deputy CISO, Cyber Security position at Phillips 66?
Phillips 66 & YOU - Together we can fuel the future
The Deputy CISO, Cyber Security is a senior leader within the Phillips 66 CISO team. The position leads the strategic planning, development, and execution of enterprise-wide cybersecurity initiatives through a technical lens in a fast-paced, global, and innovative business environment. The Deputy CISO possesses exceptional leadership skills, creating credible connections with internal and external stakeholders, and cultivating a robust cyber ecosystem. The Deputy CISO reports to the CISO, assuming their role when necessary, and will play a crucial part in driving transformational improvements in cybersecurity processes and capabilities. In tandem with a broad understanding of cyber risk sources, reference frameworks, and mitigation strategies, this role requires the ability to think strategically, act decisively, and prioritize cyber investments to deliver risk outcomes that reduce the likelihood and impact of a cyber incident. Through education, influence, and data, the Deputy CISO embeds cyber risk management into business operations, supporting infrastructures and processes, new product launches, M&A activity, and portfolio cyber advisory.
Responsibilities May Include:
Collaborate in the creation of the overall cybersecurity strategy, roadmap, and standards, leading the areas within the cybersecurity governance domain.
Implement and manage the security policies and controls for both IT and OT systems, including SCADA systems, and ensure the interdependencies and zone boundaries are well-defined and secured.
Establish, maintain, and report upon cyber key performance indicators that provide visibility into the operation of key elements of the Phillips 66 cyber security program.
Deploy new security technologies and enhancements to existing security technologies and use data-driven business case processes to strengthen enterprise cyber resilience.
Leverage security tools, independent third parties, internal audit, and cyber staff to identify security vulnerabilities and take actions to reduce Phillips 66’s exposure to harm from external and internal threats, including insider risk.
Understand the evolving threat landscape and adapt the security governance program to effectively understand, mitigate, and report upon cyber risk in an ever-changing environment.
Partner with State and Federal agencies (DHS, TSA, FBI, ISACs, etc.) to share relevant actionable cyber threat information, cyber policies, and practices, and to coordinate response to incidents.
Test and evaluate the effectiveness of the cybersecurity incident response plan and conduct annual exercises with the security team and relevant stakeholders.
Demonstrate strong understanding of administrative, physical, and technical controls used to govern, identify, protect, detect, respond, and recover from cyber threats and attacks.
Administer OPEX and CAPEX security budget and oversee budget planning and forecasting.
Build and manage staff, including performance management, career development, recruitment, retention, succession planning, and workload balance.
Required Qualifications:
Legally authorized to work in the job posting country
Bachelor's degree
8 or more years of experience in IT security
8 or more years of progressive leadership experience
Security certifications: CISSP, CISA or CISM
Certified Cloud Security Professional or equivalent
Experience managing advanced, complex cyber security incidents across Information Technology (IT) and Operational Technology (OT) environments
Knowledge of cyber security frameworks such as NIST CSF and MITRE ATT&CK
Ability to obtain federal security clearance
Preferred Qualifications:
Bachelor's Degree or higher in Information Systems, Computer Science or related technical discipline
Experience in CISO or Deputy CISO
Cyber security experience in the energy industry
8 or more years of experience in IT security within the oil and gas industry
Solid knowledge of various security technologies, to include firewalls, intrusion detection/prevention systems, endpoint protection, and security information and event management (SIEM) tools
Proficiency in network security concepts, to include network segmentation, VPN (Virtual Private Network) configurations, and secure network architecture
Experience with cloud security, to include understanding cloud architecture, identity and access management (IAM), and encryption in cloud environments
Knowledge of secure coding practices, application vulnerabilities, and secure software development lifecycles (SDLC)
Understanding how to identify, assess, and remediate vulnerabilities in both IT and OT systems
Familiarity with ICS security, such as Modbus, SCADA, and PLC security
Understanding of how to establish and maintain secure configurations for devices, servers, and network equipment. This includes hardening systems, managing access controls, and enforcing security policies
Understanding various encryption methods and their application in securing data at rest and in transit
Familiar with integrating security into the DevOps pipeline, to include secure code reviews, continuous security testing, and container security
Strong knowledge of SCADA, Distributed Control Systems (DCS), and process control networks is essential for securing critical infrastructure
Excellent written and verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members
Excellent interpersonal, relationship building and influencing skills
Demonstrated success in building positive working relationships and gaining support for the cybersecurity strategy and initiatives
Understanding of cybersecurity program planning and sequencing, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management; experience in the development, implementation, and monitoring of supporting processes
Innovative thinking and leadership with a keen ability to influence and motivate cross-functional interdisciplinary teams
Ability to anticipate technological developments and develop or enhance existing capabilities, policies, and procedures to protect the best interest of the organization
Ability to adapt to a fast-moving cyber security landscape and keep pace with latest thinking and new security technologies
Digital leadership skills: capable of empowering and leading a cyber security team to meet business and cyber security goals
Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management
Total Rewards
At Phillips 66, providing access to high quality programs and care for you and your family is important to us. Maintaining a culture of well-being — physical, emotional, social, and financial — is essential for a high-performing organization. When we are at our best, we are poised to deliver exceptional results — personally and professionally. Benefits for certain eligible, full-time employees include:
Annual Variable Cash Incentive Program (VCIP) bonus
8% 401k company match
Cash Balance Account pension
Medical, Dental, and Vision benefits with an annual company contribution to a Health Savings Account for employees on HDHP
Total well-being programs and incentives, including Employee Assistance Plan, well-being reimbursement, and backup family care services
Learn more about Phillips 66 Total Rewards (http://hr.phillips66.com).
Phillips 66 has more than 140 years of experience in providing the energy that enables people to dream bigger and go farther, faster. We are committed to improving lives, and that is our promise to our employees and our communities. We are sustained by the backgrounds and experiences of our diverse teams, which reflect who we are, the environment we create and how we work together. We have been recognized by the Human Rights Campaign, U.S. Department of Labor and the Military Times for our continued commitment to inclusive practices and policies in the hiring and retention of those in the LGBTQ community and military veterans. Our company is built on values of safety, honor and commitment. We call our cultural mindset Our Energy in Action, which we define through four simple, intuitive behaviors: We work for the greater good, create an environment of trust, seek different perspectives and achieve excellence.
Learn more about Phillips 66 and how we are working to meet the world's energy needs today and tomorrow, by visiting phillips66.com.
To be considered
In order to be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of 3/25/2024.
Candidates for regular U.S. positions must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a)(1). Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need sponsorship for work authorization now or in the future, are not eligible for hire.
Phillips 66 is an EEO and Affirmative Action Employer of Women/Minorities/Veterans/Individuals with Disabilities