Sr. Manager- Information Security

Worley | Johannesburg, GT, ZA

Posted a month ago


51,000 people. 49 countries. Over 120 office locations.
We’re not just engineers. We’re a global team of data scientists, consultants, construction workers and innovators all working to create a better tomorrow. Every day, we help customers in energy, chemicals and resources get one step closer to solving our planet’s toughest issues. Climate change. The energy transition. Digital transformation. And how we can deliver a more sustainable world.

Whatever your ambition, there’s a path for you here. And there’s no barrier to your potential career success. For more information, visit

This position can be based anywhere, globally. 

To lead the strategy, design, implementation and continuous development and improvement of Worley’s Enterprise Vulnerability Management Program, following a risk-based approach for remediation and risk mitigation.

Lead Worley’s Enterprise Vulnerability Management Program (EVM)
Supporting the Enterprise Vulnerability Management strategy for on-premises and cloud-based Worley assets
Analysis of known and emerging threats to determine risks against Worley assets
Assessment and audit of compliance against the security policies and standards as they relate to asset vulnerabilities
Assurance that assets are effectively managed and maintained from a software level perspective (patched, remediated)
Enforcement of enterprise-wide policies and procedures that cover the entire lifecycle of vulnerability management and device security configuration
Engage with the rest of Worley’s Information Security organization on the state of Enterprise Vulnerability Management 
Reporting and metrics
Introduce Automation (scanning, remediation, etc.)
Improve Worley’s EVM with risk-based remediation and prioritization 
Supporting enterprise efforts to improve effectiveness and efficiency of EVM tools, process, and procedures
Contributing to the development of the Device Domain Security Strategy
Define tactical controls inclusive of O365, Windows 10 / 11, SharePoint, Active Directory, and macOS environments based on vulnerabilities and attack vectors
Oversee and lead validation of tactical controls implementation 
Support organizational change management and communications
Support Cyber Security Operations as necessary 
Other functions assigned by the Global Director, Information Security
Proven leadership, especially situational leadership, in managing within a complex environment
Strong situational analysis, decision making abilities and relationship management with key stakeholders across the organization
With support from the People group, design and implement an appropriate organisation to deliver Worley’s Cybersecurity and Risk strategies and programmes
Recruit, on-board and develop personnel to build and sustain team capability and capacity to meet Worley’s needs with a focus on developing overall maturity of the function
Lead and develop personnel and provide coaching and mentoring to encourage professional growth
Strategic and tactical enterprise-wide view of the business, with knowledge of strategy, processes, and capabilities, enabling technologies, and governance
Exceptional communication skills and the ability to communicate appropriately at all levels of the organization
Collaborative mindset able to work effectively at all levels of an organization with the ability to influence others to move toward consensus

Job Specific Knowledge / Experience:

BS degree in Computer Science, Cyber Security, or related field
Cybersecurity certifications preferred.
Information Technology certifications preferred
Strong Cyber risk management, Cyber Security Operations, compliance, and commercial acumen with strong strategic and change management skills. 
Significant experience in Vulnerability Management programs
Significant experience managing endpoints and endpoint protection technologies 
Significant experience defining, implementing, and managing security controls 
Substantial tacit and explicit knowledge of the design and implementation of Worley’s strategy, as well as Worley’s Information Security strategy and vision
Overall, 10 years of experience in Information Security and / or IT Operations 
Experience in Oil and Gas industry a must
Knowledge of the Australian Essential 8 controls 
Managing and motivating virtual and global teams where some members may have dual roles
Successful track record working in a multinational environment with 24/7 operation across different time zones
Knowledge of Security architecture and frameworks including ISO27001, NIST, and ACSC Essential 8 strategy
Line management of both in-house and outsourced providers
Ability to keep abreast of trends and best practices and disseminate and implement such approaches across the organisation including current Cyber risk threat landscape
Strong team leadership and development skills 
Ability to collaborate across multiple teams and work well with others
Strong written and presentation skills with the ability to critically synthesise technical concepts into material for C-suite and Board level consideration
Strong ability to analyse material control weaknesses and recommend remedial measures efficiently and effectively 

HSE Capability:

Assume hands-on management and implementation of all relevant HSE systems.
Assure compliance of all HSE systems, processes and procedures through the training, competence and performance of all personnel (Worley and others)
Achieve the objectives of the Life program through proactively implementing actions and/or corrective or mitigating actions, and by maintaining an overall knowledge and awareness of the work-place environment (operations, layout, hazards, risks, concurrent activities, personnel, etc.)
Role-model a commitment to personal well-being and a pro-active approach to continuously improving health, safety and environmental performance.

IT Skills:

Advanced user in MS Office applications and MS SharePoint 2013
Knowledge of systems including Worley Management System, Corporate Assurance and Corporate Internal Audit systems
Advanced knowledge of frameworks including NIST, Essential 8 and ISO27001

Flexible Working Arrangements:

This is a global role and will require flexibility to work across multiple time zones.