logo

View all jobs

OT Consultant

Jubail, KSA, Eastern Province · Information Technology
OT Consultant
Required Experience: Min 10 year
Location: Alkhobar/Jubail, KSA
Required Duration: 1 year & Extendable
 
 
Job Description:
Industrial Cyber Security Specialist:
 
·         University or Bachelor/Master’s degree in IT, computer science, information security or relevant major
·         CISSP - Certified Information Systems Security Professional (Must)
·         GIAC Global Industrial Cyber Security Professional (GICSP) (Must)
·         ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (preferred)
·         SCF – Certified  SABSA Chartered Foundation ( preferred )
·         CRISC -  Certified in Risk and Information Systems Control (preferred)
·         ISO27001/2:2013 Lead Auditor and Implementer (preferred)
·         SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (preferred)
·         CEH - Certified Ethical Hacker (preferred)
 
Minimum Experience
·         10+ years’ experience working within a global enterprise’s Information and Industrial technology environments, preferably in petrochemicals and manufacturing.
·         7+ years’ experience in information security and Industrial Cyber Security with at least 3 years in Risk Management
Job Specific Skills
·         Knowledge of field device architecture (e.g., relays, PLC, switch, process unit)
·         Knowledge of industrial protocols (e.g., modbus, modbus TCP, DNP3, Ethernet/IP, OPC)
·         Knowledge of network segmentation (e.g., partitioning, segregation, zones and conduits, reference    architectures, network devices and services, data diodes, DMZs)
·         Knowledge of embedded device (e.g., PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations)
·         Knowledge of basic process control systems (e.g., RTU, PLC, DCS, SCADA, metering/telemetry, ethernet I/O, buses, Purdue (ISA 95))
·         Knowledge of safety and protection systems (e.g., SIS, EMS, leak detection, FGS, BMS, vibration monitoring)
·           Knowledge of risk management processes (e.g., methods for identifying, assessing, evaluating, mitigating, monitoring and communicating risk).
·         Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
·         Knowledge of information security threats and vulnerabilities.
·         Knowledge of information security defense mitigation techniques and vulnerability assessment tools and their capabilities.
·         Knowledge of different security assessment and testing strategies
·         Knowledge of identity and access management controls, requirements and mechanisms. 
·         Knowledge of cryptography and cryptographic key management concepts.
·         Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
·         Knowledge of information security principles and requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
·         Knowledge of major industry/international information security standards and best practices.
·         In-depth knowledge and experience with ISA/IEC 62443, ISO/IEC 27001/2, ISO/IEC TR 27019, NIST Cyber Security Framework (CSF), NIST 800-82 latest revision
·         Knowledge of major risk management frameworks such as ISO31000, PHA, hazop, Factor Analysis of Information Risk (FAIR), SABSA, ISF IRAM and COBIT for Risk.
·         Knowledge of current industry methods for evaluating, implementing, and disseminating Information and Industrial technology security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts, and capabilities.
·         Knowledge of new and emerging Information and Industrial Technology and cyber security technologies.
·         Knowledge of structured analysis principles and methods.
·         Skill in determining how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes.
·         Knowledge of Personally Identifiable Information (PII) data security standards.
·         Knowledge of Information Industrial technology supply chain/vendor security and risk management policies, requirements, and procedures.
·         Skill in evaluating the trustworthiness of the supplier and/or product.
·         Knowledge of cloud security risks, design concepts, implementation, architecture, operations, controls, and compliance requirements with regulatory frameworks
·         Knowledge of computer networking concepts and protocols, and network security methodologies.
·         Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
·         Skill to assess and define mitigations for vulnerabilities of security architectures, designs, and solution elements
·         Knowledge of security architecture concepts and enterprise architecture reference models (e.g., SABSA, TOGAF and Zackman).
·         Knowledge of information classification scheme and procedures for level information loss.
·         Knowledge of security requirements and process in the software development lifecycle
·         Knowledge of industry standard Information and Industrial security solutions
·         Actively generates process improvements; supports and drives change, and confronts difficult circumstances in effective ways
Kind Regards,

Jobskey Search and Selection 

KSA Office 
-- Email: Consultant@jobskeysearch.com| Website:  www.jobskeysearch.com

Resumes@Jobskey.com | Website: www.jobskey.com 
 

More Openings

Credit Controller
Senior Business Analyst
ANALYST PROGRAMMER
Kony Developer

Share This Job

Powered by