Company: Saudi Aramco
Skills: IT - Analysis & Management
Experience: 10 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Dhahran, Eastern Province, Saudi Arabia
No location/work authorization restrictions found.
We are seeking an ICS Cybersecurity Specialist to join the ICS Security Division of the Information Security Department.
The ICS Security Division is responsible for providing corporate direction for all industrial control system (ICS) cybersecurity Companywide.
The ICS Cybersecurity Division is primarily responsible for:
Leading Company efforts in this highly technical profession and associated systems to secure all Company oil and gas operations, refineries, pipelines, terminals, bulk plants, and electrical power substations from cyber threats.
Managing, developing, and deploying an ICS cybersecurity program including policies, strategy and roadmap, risk and compliance management, incident management, cybersecurity architecture, ICS cybersecurity vendor risks and compliance, ICS cybersecurity workforce, ICS cybersecurity research and development, monitoring and improving plants' cybersecurity KPIs and postures, and providing continual status updates to senior management.
Strengthening and monitoring the plants ICS security posture and providing continual and appropriate status updates to senior management
Your primary role is to develop, improve, and maintain a risk management frameworks; evaluate risks to ICS environments; research current and emerging threats; validate the likelihood of exploitation; articulate exposure levels; track and monitor risks; and seek to continually keep business decision makers informed about risks to the Saudi Aramco ICS landscape.
As the successful candidate you will hold a bachelor's degree in electrical engineering, computer engineering, or computer science from a recognized and approved program. An advanced degree is preferred.
You will have 10 years' experience in information security, including at least 5 years in ICS cybersecurity.
You must have ample experience in industrial cybersecurity standards and guidelines such as ISA 99 (IEC 62443), C2M2, API 1164, IEC 61850, and NIST 800-82.
You must have extensive experience in information security risk management frameworks, such as ISO 27005 and NIST800-30/39, and risk analysis methods such as ISF IRAM, FAIR, or OCTAVE
You will have the ability to secure major ICS vendors' systems such as Honeywell, Yokogawa, Siemens, Invensys Foxboro, Emerson, etc.
You must have experience of ICS/SCADA product quality security assurance assessments and reviews.
You must have excellent experience in ICS secure systems development methodology such as ISASecure.
You will be able to demonstrate knowledge and experience in working with IT GRC solutions such as Archer.
Duties and Responsibilities
You will be required to perform the following:
Create, lead, conduct, and track cybersecurity risk assessments of ICS's, to include all cyber assets, such as distributed control systems (DCS's), human-machine interfaces (HMIs), programmable logic controllers (PLCs), remote terminal units (RTUs), and supervisory control and data acquisition (SCADA) systems.
Understand and explain risks and exposure to ICS environments.
Conduct risk and threat research, keeping current with the evolving ICS threat landscape. U
Understand and incorporates ICS risk assessments reports into ICS risk registers.
Work with SMEs to gauge viability and sufficiency for proposed mitigations and remediation, ensuring risks will be reduced to accepted levels prior to implementation.
Research and contribute to industry best practices. Develop, deploy, and train personnel on internal ICS security standards based on NIST 800-82, ISA99, and other industry-specific security standards.
Perform security practices assessment to assess the ability of ICS/SCADA suppliers to meet ICS/SCADA security requirements for protecting Saudi Aramco Plants ICS/SCADA and manage identified risks.
Monitor ICS/SCADA supplier adherence to Saudi Aramco ICS/SCADA security requirements.
Perform ICS/SCADA product quality security assurance assessments and reviews against ICS/SCADA vendors to ensure security requirements are addressed.
Record flaws or security weaknesses identified during the security testing and security assurance reviews to be resolved.