1. JOB DETAILS:
Position Title: Senior Specialist: OT Security Operations
Broad Band: M10: Professional
Department & Function: Ma’aden Cyber Security
Date Prepared/Revised: Apr-19
Talent Pipeline Layer: Manage Self: Technical Professional
2. OVERALL JOB PURPOSE:
The Senior Specialist OT Security Operations is responsible for leading the staging, implementation, deployment, configuration, management and fine tuning of all OT security solutions at Affiliate level. This function also owns end to end responsibility for maintaining all the security components of the operating systems and network/security devices for existing OT cyber assets within a particular affiliate
3. QUALIFICATIONS, EXPERIENCE & SKILLS:
Qualification:
• Engineering Degree (Bachelor`s degree) in electronics (electrical, mechanical, mechatronics) engineering.
• Fluency in English.
Experience:
1. At least 6- 8 years' related experience in implementation of OT security projects.
Skills:
1. Sound knowledge and practice of cyber security standards (ISO27001/27002/27005, NIST).
2. Sound knowledge and practice of enterprise security frameworks such as SABSA.
3. Sound knowledge and practice of IEC-62443 set of standards.
4. Knowledge of Industrial Control Systems, Industrial Communications Protocols.
5. Desirable certifications such as GICSP, IEC-62443 or Certified Scada Security Professional.
4. KEY ACCOUNTABILITIES:
Focus Area
Get results through individual contribution, effort and self management
Operational / Functional
1. Security configuration and continuous management of OT security solutions/products including all other connected cyber assets, to keep them up to date and to maintain the overall security posture
2. Assist Business Partner: OT Security in evaluating existing technical capabilities and systems, and identify opportunities for improvement of OT Cyber Security requirements
3. Regularly update, maintain and implement cybersecurity standard operating procedures (minimum security baselines) with the assistance of the Business Partner: OT Security to effectively meet OT operational requirements and to ensure continuous improvement
4. Ensuring all activities of the OT Cyber Security are performed in according to defined policy, standards and security best practices
5. Deploy and maintain patch management of operating systems, network and security all OT cyber assets and ensure the overall health
6. Management, verification, validation, collection of security logs for all the OT cyber assets
7. Manage user and system access including user and group permissions updates for all OT cyber assets
8. Assist Business Partner: OT Security in improving upon existing processes through operational changes in terms of OT components
9. Define, maintain and implement Cyber Security requirements for all OT projects and supply chain activities in collaboration with Business Partner: OT Security
10. Implement, integrate and maintain all new security solution/devices into Ma'aden’s OT affiliate environment
11. Generating reports as required by the resident Business Partner: OT Security and escalate issues whenever necessary
Leadership
1. Understand, support and live the Ma'aden vision, values and goals
2. Takes accountability for personal improvement, personal development, skills development and effectiveness
3. Takes responsibility, agree on and review personal performance goals and achievement of high performance goals
4. Plan, organize, control and report own work and consistently ensure that work is completed to plan
5. Regularly achieves the Application/compliance of policies, practices, standards, procedures and methods
6. Resolve work obstacles and issuess positively through Problem solving and decision making
Relationships
1. Fully understand and deliver on customers/partner needs and expectations through positive Working relationships with all related stakeholders (internal and external)
2. Consistently maintain constructive relationships within the team and with all stakeholders through relationships and collaboration
3. Team and customer communication
4. Continuous improvement through Sharing new ideas and implementing them
1. ICT-SS
2. Cyber Security
3. Internal Audit
4. ICT GRC
5. Ma’aden affiliates
6. ICS customers / Partner
7. Technology vendors
8. External Audit
9. Build and maintain a positive working relationship with OT Security Consultant and coordinate all OT Security activities with them
10. Primary liaison between key stakeholders of MA’ADEN’s BCP e.g. Senior Management, Directors and Managers, Staff, Consultants, vendors and auditors.
5. COMPETENCIES:
Technical/Functional
1. ISO 27002 - Information Security Controls
2. ISO 27005 - Risk Management
3. Enterprise Architecture
4. OT/Solution Architecture
5. Security Architecture Controls Implementation
6. Cloud Security
7. OT Governance and Compliance Framework
8. OT Planning
9. Emerging OT Technologies
10. OT Infrastructure Development
11. OT data and network security architecture design
12. OT Security Threats mitigation
13. OT Data Operations
14. OT Service Support
Leadership
1. Leadership
2. Teamwork
3. Integrity
4. Care
5. Ownership
6. Accountability
7. Communication
8. Time Management, Planning and Organization
Safety
• Safety advocate - anywhere and everywhere
• Sound knowledge and application of HSE rules and procedures
• Concern for own wellbeing and that of others
• Ability to pro-actively identifying safety hazards and act accordingly