Senior IT Security Analyst

Position Summary The Senior IT Security Analyst is responsible for administration and design of Company IT security systems and will lead the efforts to continuously improve the Company’s IT security program. This position maintains a high level of security for all aspects of the Company’s IT environment, participating in the design of security solutions to protect Company assets. This role will lead the installation, administration and maintenance of company IT security solutions and will partner with IT leadership and outside expertise, with the development of security vulnerability mitigation strategies and security compromise remediation and recovery playbooks. . This position reports to the IT Infrastructure Manager in our Downtown Houston office. Level and salary commensurate with background and experience. Essential Job Functions • Assess and coordinate IT-related security risks to the Company • Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization • Identify and address potential, successful, and unsuccessful intrusion attempts and compromises • Perform thorough reviews and analyses of relevant security events • Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans • Recommend security tools and associated budget requirements for the organization • Perform vulnerability assessments and report on IT security risk levels to management • Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments • Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud • Act as primary contact for third-party security operations center partners for all functions • Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.). • Develop and lead regular table-top exercises focused on remediation and recovery of IT systems/data compromise • Coordinate security incident management and remediation efforts • Facilitate Company security training program and any remedial security process education for Company personnel • Ensure IT personnel can assist with security program implementation and management of security solutions and tasks • Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security • Act as a point of contact with the Company’s Enterprise Risk Management team • Respond to IT security questions from both Internal and External Audit teams • Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current • Promote awareness of applicable regulatory standards, risks, and industry best practices • Lead projects, including solution validation, project definition, and deliverable implementation • Adhere to and enforce Company security policies • Assist with department technology planning • Ability to travel to field offices • On call rotation • Other duties as assigned This job description is not intended to be an all-inclusive list of duties and responsibilities of the position. Incumbents will be required to follow any other job-related instructions and duties outside of their normal responsibilities as assigned by their supervisor. Minimum Qualifications • Bachelor’s Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience) • 5 years IT security or information security experience with a proven ability to engage with Senior Management and regulators • 3 years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.) • 3 years of experience in administering IT security controls in an organization • Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks • Experience with IPS/IDS, SIEM IAM and other IT security technologies • Single Sign-On systems management experience • Virtual environment experience required • Certified Information Systems Security Professional (CISSP), or similar certification • Prior experience working within a publicly traded organization • Proficient communication skills at all levels • Proficient time management skills • Ability to learn new technical concepts quickly and readily • Ability to work in a team environment, as well as on an individual, unsupervised basis • Physical Requirements and Working Conditions: Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer, stamina to maintain attention to detail despite interruptions, strength to lift and carry equipment weighing up to 50 pounds, Ability to stand for long periods of time and walk office floors; vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Preferred Qualifications • Prior experience working within an upstream Oil and Gas organization • Prior experience IOT and SCADA • Knowledge of Sarbanes-Oxley guidelines • Project management skills • Windows workstation and server administration • Prior experience performing security reviews and risk assessments EEO Statement: Chord Energy does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor. Chord Energy is an independent oil and gas company engaged in the exploration, development, production, and acquisition of crude oil, NGLs, and natural gas, with top-tier, sustainable assets located in the Bakken and Three Forks plays in North Dakota and Montana. We prioritize safe and responsible operations to develop our unconventional onshore resources, and we maintain a unique position with a best-in-class balance sheet, a rigorous focus on capital discipline, and a continuous improvement approach leading to innovation and efficiency that generates cash flow. The company trades publicly as NASDAQ: CHRD