ConocoPhillips Information Security Analyst in HOUSTON, Texas

Title: Information Security Analyst


Job Number: 00RZF

Our Company

ConocoPhillips is the world’s largest independent E&P company based on production and proved reserves. Headquartered in Houston, Texas, ConocoPhillips had operations and activities in 16 countries, $70 billion of total assets, and approximately 10,800 employees as of Dec. 31, 2018. Production excluding Libya averaged 1,242 MBOED in 2018, and preliminary proved reserves were 5.3 billion BOE as of Dec. 31, 2018.

Employees across the globe focus on fulfilling our core SPIRIT Values of safety, people, integrity, responsibility, innovation and teamwork. And we apply the characteristics that define leadership excellence in how we engage each other, collaborate with our teams, and drive the business.


The Information Security Analyst is a key member of the organization’s Information Risk Management Program and of the Information Security team. The Information Security Analyst works closely with the other members of the team to develop and implement the information security program. This includes defining security policies, processes and standards. The Information Security Analyst works with members of the global IT organization to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

This position can be located in either Bartlesville, OK or Houston, TX.

Responsibilities may include:

Primary Duties

  • Works with ConocoPhillips business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:

  • Business system analysis

  • Communication, facilitation and consensus building

  • Assists in the coordination and completion of information security operations documentation

  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks

  • Reports to ConocoPhillips management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance

  • Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure security controls are implemented as planned

  • Collaborates on critical IT projects to ensure security issues are addressed throughout the project life cycle

  • Works with ConocoPhillips IT department and members of the information security team to identify, select and apply technical controls

  • Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained

  • Advises security administrators on normal and exception-based processing of security authorization requests

Additional Duties

Depending on the scope of the role, the Information Security Analyst may be asked to fulfill one or more of the following duties.

Definition and Implementation of Controls

  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems

  • Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment

Governance and Policy Support

  • Works within the information security governance process to define control recommendations that are both efficient and effective

  • Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes

Information Security Architecture Support

  • Assists in the development of security architecture and security policies, principles and standards

  • Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required



  • Legally authorized to work in the United States

  • 5 years of IT or network security experience

  • 3 years of experience performing risk, business impact, control and vulnerability assessments

  • 1 year of experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks

  • 1 year of experience in developing, documenting and maintaining security policies, processes, procedures and standards

  • Advanced knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

  • Advanced knowledge of risk assessment methods and technologies

  • Advanced knowledge of business applications, including ERP and financial systems

  • Advanced knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools

  • Intermediate knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts

  • Willing and able (with or without reasonable accommodation) to travel 25% of the time


  • Bachelor’s degree or higher in Computer Science, Information Systems, Information Technology, Management Information Systems or related technical discipline

  • CISSP or other equivalent certification

  • 3 years of experience in developing, documenting and maintaining security policies, processes, procedures and standards

  • Intermediate experience with audit, compliance or governance

  • Takes ownership of actions and follows through on commitments by courageously dealing with important problems, holding others accountable, and standing up for what is right

  • Delivers results through realistic planning to accomplish goals

  • Generates effective solutions based on available information and makes timely decisions that are safe and ethical

To be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of March 26, 2019.

Candidates for this U.S. position must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a) (1). Individuals with temporary visas such as A, B, C, D, E, F, G, H, I, J, L, M, NATO, O, P, Q, R or TN or who need sponsorship for work authorization in the United States now or in the future, are not eligible for hire.

ConocoPhillips is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity or expression, genetic information or any other legally protected status.

Job Function: Information Management-Information Technology

Job Level: Individual Contributor/Staff Level

