OT Consultant
Required Experience: Min 10 year
Location: Alkhobar/Jubail, KSA
Required Duration: 1 year & Extendable
 
 
Job Description:

Industrial Cyber Security Specialist:

·         University or Bachelor/Master’s degree in IT, computer science, information security or relevant major

·         CISSP - Certified Information Systems Security Professional (Must)

·         GIAC Global Industrial Cyber Security Professional (GICSP) (Must)

·         ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (preferred)

·         SCF – Certified  SABSA Chartered Foundation ( preferred )

·         CRISC -  Certified in Risk and Information Systems Control (preferred)

·         ISO27001/2:2013 Lead Auditor and Implementer (preferred)

·         SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (preferred)

·         CEH - Certified Ethical Hacker (preferred)

Minimum Experience

·         10+ years’ experience working within a global enterprise’s Information and Industrial technology environments, preferably in petrochemicals and manufacturing.

·         7+ years’ experience in information security and Industrial Cyber Security with at least 3 years in Risk Management

Job Specific Skills

·         Knowledge of field device architecture (e.g., relays, PLC, switch, process unit)

·         Knowledge of industrial protocols (e.g., modbus, modbus TCP, DNP3, Ethernet/IP, OPC)

·         Knowledge of network segmentation (e.g., partitioning, segregation, zones and conduits, reference    architectures, network devices and services, data diodes, DMZs)

·         Knowledge of embedded device (e.g., PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations)

·         Knowledge of basic process control systems (e.g., RTU, PLC, DCS, SCADA, metering/telemetry, ethernet I/O, buses, Purdue (ISA 95))

·         Knowledge of safety and protection systems (e.g., SIS, EMS, leak detection, FGS, BMS, vibration monitoring)

·           Knowledge of risk management processes (e.g., methods for identifying, assessing, evaluating, mitigating, monitoring and communicating risk).

·         Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

·         Knowledge of information security threats and vulnerabilities.

·         Knowledge of information security defense mitigation techniques and vulnerability assessment tools and their capabilities.

·         Knowledge of different security assessment and testing strategies

·         Knowledge of identity and access management controls, requirements and mechanisms.

·         Knowledge of cryptography and cryptographic key management concepts.

·         Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

·         Knowledge of information security principles and requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.

·         Knowledge of major industry/international information security standards and best practices.

·         In-depth knowledge and experience with ISA/IEC 62443, ISO/IEC 27001/2, ISO/IEC TR 27019, NIST Cyber Security Framework (CSF), NIST 800-82 latest revision

·         Knowledge of major risk management frameworks such as ISO31000, PHA, hazop, Factor Analysis of Information Risk (FAIR), SABSA, ISF IRAM and COBIT for Risk.

·         Knowledge of current industry methods for evaluating, implementing, and disseminating Information and Industrial technology security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts, and capabilities.

·         Knowledge of new and emerging Information and Industrial Technology and cyber security technologies.

·         Knowledge of structured analysis principles and methods.

·         Skill in determining how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes.

·         Knowledge of Personally Identifiable Information (PII) data security standards.

·         Knowledge of Information Industrial technology supply chain/vendor security and risk management policies, requirements, and procedures.

·         Skill in evaluating the trustworthiness of the supplier and/or product.

·         Knowledge of cloud security risks, design concepts, implementation, architecture, operations, controls, and compliance requirements with regulatory frameworks

·         Knowledge of computer networking concepts and protocols, and network security methodologies.

·         Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).

·         Skill to assess and define mitigations for vulnerabilities of security architectures, designs, and solution elements

·         Knowledge of security architecture concepts and enterprise architecture reference models (e.g., SABSA, TOGAF and Zackman).

·         Knowledge of information classification scheme and procedures for level information loss.

·         Knowledge of security requirements and process in the software development lifecycle

·         Knowledge of industry standard Information and Industrial security solutions

·         Actively generates process improvements; supports and drives change, and confronts difficult circumstances in effective ways