Chief Information Security Officer in Urmston

LyondellBasell is a leader in the global chemical industry creating solutions for everyday sustainable living. With a nearly 70-year legacy that includes a Nobel Prize in Chemistry and our proprietary MoReTe recycling technology, LYB is enabling a more sustainable future for generations to come. LYB develops high-quality and innovative products for applications ranging from sustainable transportation and food safety to clean water and quality healthcare. LYB places high priority on diversity, equity and inclusion and is advancing good with an emphasis on our planet, the communities where we operate and our future workforce. We're addressing the global challenges of ending plastic waste, taking climate action, and supporting a thriving society, while generating value for our customers, investors, and society.

The Chief Information Security Officer (CISO) is responsible for defining, implementing, and managing the company’s information and operational technology (OT) security strategy and roadmap, aligning with enterprise IT and business objectives. Reporting to the Chief Information Officer (CIO), the CISO leads a hybrid security model that leverages a Managed Security Provider (MSP) for security operations and an internal Governance, Risk, and Compliance (GRC) team for policy, audit, and risk oversight. This role is critical for protecting intellectual property, systems, and data, ensuring that the organization’s cybersecurity posture supports both safe manufacturing operations and business growth while enabling innovation across IT and OT environments.

Key Responsibilities

• Develop and execute the enterprise cybersecurity strategy aligned with the IT roadmap and business priorities.
• Act as the principal advisor to the CIO, Board, and executive leadership on cybersecurity risk, threat intelligence, and compliance posture.
• Integrate security into IT projects, plant modernization, cloud migrations, and digital transformation initiatives.
• Represent information security in IT governance forums and architecture councils.
• Lead the internal GRC function responsible for cybersecurity policy, audit, and enterprise risk management.
• Ensure compliance with key regulatory and industry standards.
• Conduct regular risk assessments, coordinate internal and external audits, and report findings to the CIO and executive leadership.
• Oversee the company’s MSP, ensuring effective monitoring, threat detection, and incident response.
• Maintain clear SLAs, KPIs, and escalation procedures, and operational metrics for the MSP’s performance.
• Lead coordination between IT, OT, and MSP teams during security incidents, ensuring business continuity and operational safety.
• Ensure compliance of both IT and OT networks with corporate cybersecurity policies and secure configuration standards.
• Partner with IT infrastructure, network, and operations teams to maintain secure architectures across corporate, cloud, and plant systems.
• Collaborate with operations and engineering to implement cybersecurity controls for industrial control systems (ICS / OT), including network segmentation, access management, and patch governance.
• Oversee data protection, encryption, and identity management initiatives across sites.
• Manage cybersecurity due diligence and oversight for vendors, suppliers, and partners.
• Collaborate with Procurement and Legal to integrate security requirements into contracts and service agreements.
• Promote cybersecurity awareness and accountability across all levels of the organization.
• Oversee employee training programs on phishing, safe system use, and industrial cyber-physical security.
• Engage with plant leadership and EHS (Environment, Health, and Safety) teams to align cyber and physical safety programs.
• Manage the information security budget in coordination with the CIO.
• Lead and mentor a small, high-performing internal team focused on governance, compliance, and strategic risk management.

This is who you are

To be successful in this role, you must recognise yourself in the following profile: The role requires deep expertise in cybersecurity across both IT and OT environments, combined with strong vendor management and MSP oversight capabilities. It demands excellent communication, leadership, and influencing skills to bridge technical and business functions, along with a strategic mindset to convert risk into actionable priorities. Success is measured by reducing enterprise and OT security risks, ensuring MSP performance meets SLAs, and achieving compliance with audits and regulations. Additional metrics include effective security integration in IT / OT projects and fostering employee awareness and adherence to policies.

This is what you bring

• Bachelor’s degree in Information Security, Computer Science, Engineering, or related discipline (Master’s preferred).
• 10+ years of experience in information security or risk management, including at least 3–5 years in a senior leadership capacity.
• Experience in manufacturing or critical infrastructure environments (chemical, energy, or industrial sectors strongly preferred).
• Proven success managing outsourced security operations and internal compliance teams.
• CISSP or CISA Certification is required.
• ISO 27001 Lead Implementer / Auditor.

This is what we offer

We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the possibility to work with specialists in all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary package.

Interested? The recruitment process consists of an initial phone screening and business interviews before proceeding to a possible job offer. A background check will be part of the process as well.