QAFCO (Qatar Fertiliser Company)
About the job
Job Summary and Purpose:
Responsible for the governance and assurance of OT Cyber Security in alignment with the cyber security strategy and business priorities. Identifies OT Cyber Security requirements and develops architecture and configuration benchmarks.
- Establish, maintain and execute QAFCO OT cyber security strategy.
- Establish QAFCO OT cyber-security standards to be incorporated into all existing and new QAFCO OT related systems.
- Ensure compliance across all business functions in QAFCO with QAFCO OT cyber-security requirements.
- Implement, monitor, and continuously improve cyber security governance and assurance framework.
- Responsible for establishing and maintaining third party management, risk management, incident management, user access control and security monitoring processes and practices. Cooperate with and support other stakeholders of these areas, such as Production, Maintenance, Engineering, Projects, and line management.
- Establish, monitor, review and update cyber security controls across the OT environment in line with Qatari Law and other applicable regulatory requirements. Responsible for the establishment of OT cyber security controls for all OT systems. Cooperate with and support other stakeholders of these areas, such as Production, Maintenance, Engineering, Projects, and HSEQ.
- Coordinate OT asset identification, vulnerability management and remediation.
- Promote security awareness across the OT organization.
- Manage and execute QAFCO OT cyber-security projects and other projects assigned by the Cyber Security Manager.
- Provide quality assurance on projects; ensure that the changes the projects bring into the OT environment are in line with cyber security requirements.
- Plan, prepare and execute OT cyber security governance and assurance projects.
- Develop and implement OT cyber security standards, controls, and procedures. Develop OT cyber security benchmarks and hardening guidelines.
- Develop OT cyber security requirements for the OT system, infrastructure, and operation. Identify, monitor, and assess key security controls.
- Coordinate OT system vulnerability assessments.
- Review and assure that the modifications to the OT systems and architecture are in line with cyber security requirements and standards.
- Participate in responding to any OT cyber security-related incidents and provide a complete post-event analysis once there is a resolution.
- Provide technical and subject matter expertise in OT cyber security.
- Identify and analyse OT cyber security risks and assess vulnerabilities.
- Develop mitigating actions/risk treatment plans and manage the execution of those actions.
- Manage and update risk registers on a quarterly basis.
- Conduct risk analysis, considering the value of the assets, their exposure to a threat actor and the vulnerabilities that could be exploited during an incident.
- Ensure that OT operational processes and practices are in line with OT cyber security internal and external requirements.
- Manage internal and external cyber security audit and compliance, and remediation of possible findings in a timely manner.
- Ensure compliance with local OT cyber security standards.
Desired Candidate Profile:
- Bachelor’s Degree in relevant discipline from a recognized University.
- Minimum of 8 years of direct and relevant experience.
- In-depth knowledge of risk and security frameworks, standards, and best practices (e.g., NIST, COBIT, ISO2700x).
- Credentials: GICSP (Global Industrial Control System Professional) will be an advantage.
- IEC/62443 certified information security auditor (CISA), certified information security manager (CISM), certified in risk and information system control (CRISC), certified information systems and security professional (CISSP) will be considered as an additional advantage.
Posted on Sep 3, 2023.