Company Overview
At Crescent, we are investors and operators delivering value to shareholders through a disciplined, returns-driven growth through acquisition strategy and consistent return of capital. Our long-life, balanced portfolio combines stable cash flows from low-decline production with deep, high-quality development inventory. Our activities are focused in Texas and the Rocky Mountain region.
Job Summary
The Head of Cybersecurity & GRC is a senior leadership position responsible for safeguarding the organization’s digital assets, operational infrastructure, and sensitive data across IT and OT environments. This role leads the strategy, execution, and oversight of the cybersecurity program and enterprise risk management framework grounded in NIST CSF and aligned with upstream oil and gas business needs.
This leader will ensure that cybersecurity and compliance practices are embedded across the organization while enabling innovation and operational continuity. The ideal candidate brings a balance of technical expertise, strategic leadership, and deep upstream oil & gas experience, particularly with production, drilling, field operations, and industrial control systems (ICS/SCADA). This position will require continuous learning and on-going stewardship and prioritization of resources to effectively align safeguards over technology components relative to the anticipated threat landscape. This individual will play a critical role in accelerating our journey toward becoming a data-driven, technology-enabled enterprise, especially in the context of the energy sector's transformation.
Key Responsibilities
+ Develop and lead the enterprise cybersecurity strategy, with a strong foundation in the NIST Cybersecurity Framework (CSF).
+ Oversee security operations, incident response, vulnerability management, and threat intelligence for IT and OT environments.
+ Implement layered defense strategies, including network segmentation, endpoint protection, identity and access management (IAM), and security monitoring (SIEM/SOAR).
+ Design and operate an enterprise GRC program to manage cyber, regulatory, operational, and third-party risk.
+ Lead compliance with relevant standards and regulations (e.g., NIST, SOX, TSA Pipeline Security Directives, SEC cyber disclosure, FERC, PHMSA).
+ Oversee internal/external audits, risk assessments, insurance questionnaires, and policy development ensuring alignment with corporate and industry standards.
+ Collaborate with operations, engineering, and field teams to secure industrial control systems (ICS), SCADA, and edge devices across upstream assets.
+ Establish risk-based security controls for field operations without compromising uptime or performance.
+ Build and foster OT cybersecurity awareness and partnerships across HSE, Production, Drilling, and Asset teams.
+ Serve as a trusted advisor to executive leadership on cyber risk, digital trust, and security investments.
+ Develop and lead a high-performing cybersecurity and GRC team spanning security engineering, compliance, risk, and awareness functions.
+ Build relationships across IT, Legal, Operations, and External Affairs to embed cybersecurity into core business processes and programs.
+ Facilitate regular cybersecurity and risk reporting to the Board Audit Committee, translating technical risks into business impact and ensuring executive alignment on risk posture and mitigation strategies.
+ Develop and foster external relationships with organizations and key contributors that support and may enhance the on-going cybersecurity posture and overall operational resilience (e.g. ONE-ISAC, DHS CISA, FBI, etc.).
+ Oversee security architecture for cloud, on-prem, and hybrid environments ensuring secure adoption of platforms like Snowflake, Azure, and SaaS tools.
+ Evaluate and implement cybersecurity tools, technologies, and services to strengthen the enterprise security posture.
+ Lead security reviews of new projects, platforms, and partnerships (M&A, joint ventures, field digitization efforts).
+ Coordinate and review the risk profiles associated with technology vendors and service providers (third & fourth party).
Crescent Energy is an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, gender/pregnancy, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status or any other legally protected status. Crescent Energy is also committed to compliance with all fair employment practices regarding citizenship and immigration status. If you require accommodation to complete the application process, please let us know by contacting Kimberly Kalsey at Kimberly.Kalsey@crescentenergyco.com.