Business Information Security Officer

Come Join an Inclusive Team

The Sr. BISO will provide tactical direction to the global and regional sites. This role is a hands-on role that will ensure the subject matter expertise, and processes for the effective execution of global cybersecurity program, support the computing systems of site’s business and process control systems to coordinate changes and provide security and to ensure optimum integrity, confidentiality, reliability, and availability.  The role acts as the main global and regional point of contact for the business and manufacturing in supporting the center led business systems security.  This role will be a security evangelist and drive company-wide focus to prevent, detect, and remediate cyber security threats.

A Day in the Life:

• Provide leadership to regional BISOs for day-to-day prioritization, project implementation, and troubleshooting technical issues.
• Oversee the operation of regional and local IT and ICS computing systems and security software including hardware and software lifecycle (Firewall, Anti Malware, Patch and Asset Management  , etc.).
• Ensure that all regional sites’ networks and systems comply with Corporate and Industry   standards;
• Contribute to internal documentation and standards (build documents, operational excellence, Disaster Recovery, Business Continuity, security whitepapers, Technical Designs)
• Help to validate the translation of the company policies from English into the local language (spoken by the BISOs as their first language) as optional if they have the capabilities.
• Advise or consult on OT changes initiated by IT and Site Management.
• Participate in Purdue Level 2 and 3  monitoring , including the review, validation and reporting of security metrics.
• Assist in Operational Excellence audit support, Site Vulnerability Assessments and Cyber Process Hazard Analysis.
• Lead project design and implementation
• Facilitate forensics investigations and incident follow-up.
• Support the design, implementation and documentation of (security) OT and M&A projects and initiatives.
• Ensure effective regional security awareness program implementation and training.
• Lead technical direction and strategy for ICS systems architecture and security 
• Improve overall cyber resilience to the next level of maturity and effectiveness according with the defined BSS roadmap.
• Regularly analyze LyondellBasell’s intrusion protection processes and lead efforts to improve it through automation, integration, and aggregation.
• Provide information protection expertise to IT operational teams to ensure systems are properly protected and monitored by design. Communicate threats appropriately.
• Profile new and emerging threats to the IT landscape and drive changes needed in response.
• Serve as a member to the event response team, providing mentoring to other team members as needed, while performing Level 2 support.
• Contribute ideas to the future state technology roadmap ensuring effective investments are made to enable scale, quality, and maintenance and overall cost effectiveness.
• Assist in setting technical direction and strategy for ICS systems architecture and security.
• Understand the security vulnerability management process and be able to conduct vulnerability assessments for the IT and ICS infrastructure, including mitigation and patch testing.

You Bring This Value :

Minimum Qualifications:

• Bachelor’s degree in an appropriate field, or equivalent professional experience
• Minimum of ten (10) years of experience in information security, information technology (IT), or operational technology (OT)
• Experience developing and refining risk-based, defense-in-depth security architectures based on established frameworks such as NIST or ISO
• Support for LyondellBasell’s Diversity, Equity, and Inclusion (DEI) strategy and values.
• Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language
• Ability to collaborate and communicate effectively with both business-oriented and technology-oriented personnel
• Working knowledge of one or more of these technologies: Microsoft Windows, Active Directory architecture & management, Group Policies, network topology, Anti Malware, SQLServer Database Management, virtualization, Manufacturing Execution Systems.
• Ability to perform field work for site assessments including visiting control rooms, rail yards, network closets, offices, and inspections of external perimeter fencing in a variety of physical locations – requiring walking for extended distances, walking over uneven terrain, and wearing protective equipment (PPE)

Preferred Qualifications:

• Experience in the lab environment including security risk assessment, technical design, and architecture.
• Experience in information security, information technology (IT), or operational technology (OT)
• Experience developing and refining risk based, defense-in-depth security architectures based on established frameworks such as NIST, ISO27001 or IEC62443
• Working knowledge of plant ICS systems (i.e. Modbus, OPC, AspenTech, OSI PI, Sample Manager, PAS Alarm Management, Honeywell, DeltaV, Yokogawa, Siemens, Schneider, etc.)
• Practical knowledge of different message distribution techniques to ensure end users understand and apply the behavioral changes necessary to reduce the ‘human factors’ risk
• Detailed understanding of manufacturing and business systems
• Ability to work with minimal supervision with demonstrated mentoring skills
• Ability to travel as required, up to 10%
• Experience with security incident and event analytics and monitoring technology including regular maintenance and tuning, correlation rules, filters, lists, views, and reports
• CISSP, CCNA, or other security recognition desirable
• Intercultural competence

What We Offer

LyondellBasell is proud to provide a competitive total compensation package designed to reward excellence and support the well-being of our employees. Our Total Rewards package includes equitable and market-competitive base pay as well as locally relevant incentives, fostering a culture of pay-for-performance that recognizes both individual and company achievements.   

We extend the following benefits to *eligible employees: 

• Workplace Flexibility: The Company’s Global Remote Work Policy allows eligible employees to request to work remotely up to two full days per standard work week at an approved location other than the designated worksite or office, such as at a home office with managerial approval.
• Comprehensive Health, Welfare, Life and Retirement Programs: Our comprehensive programs are aligned with local practices.
  
  • 6% LYB match on 401(k) contribution
  • 5% LYB cash balance pension plan accrual
• Comprehensive Well-being Benefits: Programs to support your physical, mental, financial, and social health, ensuring you receive the care you need, when you need it.
• Employee Stock Purchase Plan: The LYB ESPP offers a 10% discount on LYB stock for eligible employees in Germany, Italy, Netherlands, Spain, and US.
• Educational Assistance Program: To encourage self-development by providing financial aid for approved educational activities voluntarily undertaken by employees.
• Bravo Rewards Program: Recognizing outstanding employee contributions.
• Robust Medical and Life Insurance Packages: Offering a variety of coverage options to meet individual needs.
• Professional Development: Opportunities to learn and grow through training, mentoring, work experiences, community involvement, and team building activities.
• Competitive Vacation Policies: Generous annual leave to support your work-life balance.
• Global Adoption Policy: Support for employees expanding their families.
• Matching Gifts Program: Enhance the impact of your charitable contributions to qualified organizations. 

*Eligibility for certain benefits and rewards programs will vary based on your job status, work location and/or the terms of any applicable collective bargaining agreement and may be changed from time to time without notice, subject to applicable law.

Competencies