Senior Officer, Business Conduct Assurance (IT)
Job Id 23866 Category Legal, Compliance & Audit United Arab Emirates Company Name ADNOC Offshore Abu Dhabi 09/19/2024
Lead and manage IT & OT discipline compliance assurance function, develop compliance programs & strategy. Act as a subject matter expert for Digital & Cyber Security and Operational Technologies and provide recommendation to derive digital excellence in the company and assurance of all IT operations and information security. Take lead role in developing annual IT BCA (Business Conduct Assurance) plan for . As part of developing annual plan, finalize Key Risk Areas to be verified, based on latest 5-year ADNOC Offshore Business Plan, Level 1 KPIs, Previous Verification Findings, Risk Register etc. Take measures to help protect and maintain confidentiality of company data and information systems from internal and external threats by recommending the implementation and maintaining Best-Of-Breed Cyber Security technologies. Exploring new technologies, which can add value to the company to ensure the availability, integrity and secure operations of the company IT environment and systems per best practices/guidelines. Prepare IT & OT assurance verification checklists with reference to Company Policies, Standards & Procedures, applicable national and international standards like: UAE Information Assurance Regulation (NESA), IEC 62443 (Security for Industrial Automation and Control Systems), ISO 27001 (Information Technology – Security Techniques – Information Security Management Systems – Requirements) etc. Develop the scope of work and requirements for external SMEs. Liaise with contractors to secure well qualified and experienced subject matter expert to support ADNOC OFFSHORE team in conducting the verifications when required. Review the CVs of SMEs submitted by the Contractor and conduct interview of shortlisted candidates. Conduct meetings with the selected SME to make them understand the Scope of Work, Key Risk Areas and reference standards & procedures before the start of verifications. Attend pre-readiness meetings and readiness meetings and conduct verifications. Identify existing and anticipated risks through verifications: related to IT & OT System vulnerabilities, outdated operating systems / antivirus software, patch management, Backup and restore management, physical security, system logs, SIEM (Security Information and Event Management) etc. Verify through the existence of Disaster Recovery (DR) solution the highest levels of availability, performance, and continuity of the IT & OT infrastructure systems and services at all sites and HQ Business Unites / divisions. Verify the compliance of the company IT and all Sites Information Security, services, Operations Security, and IT Assets with company policies, IT standards, and UAE National Electronic Security Authority (NESA) standards and regulations to ensure the highest levels of Information security of the IT infrastructure systems and services at all sites and HQ Business Unites / divisions. Ensure through verification the efficient operations of IT infrastructure systems, Applications, Databases, Networks, Telecoms, Operations Security, IT Equipment’s and services. Ensure through verification the maintenance of IT Hardware, Software, Operating Systems, Databases. Prepare preliminary verification report, participate in alignment sessions with Auditees and once aligned, issue the final verification report. Ensure that the IT BCA Verification reports are issued in a timely manner. Follow up for timely closeout of open action items related to IT and OT. Review action plans received against open findings and validate the same based on the evidence received. Maintain verification findings in a database using the current MS Access or other DB application. Support the concerned user divisions in close-out of Non-Conformances in a timely manner and maintain the compliance status of respective divisions. Provide advice about IT risk management and compliance procedure. Consult on IT / OT (Operations Technology) / ICS (Industrial Control System) security matters as and when needed. Efficiently execute the verifications within the defined time frame as per the annual verification plan. Update Business Assurance dashboard with the status of the findings and update senior management with the outcome. Register lessons learned from IT / OT verifications and share the same with team members. Contributes to the overall success of ADNOC Offshore Corporate Assurance Division by working as a team member on audits and special projects and performing all other duties and responsibilities as assigned. Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, and attending training and/or courses as required by the CAD Management. Contribute to identifying, establishing, and delivering Corporate Assurance Division’s Performance scorecards, and its Milestones and Strategic Initiatives related to technical assurance. Plan, supervise and coordinate all activities in the assigned area to meet functional objectives. Train and develop the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives. 8 - 9 years of experience in IT and OT, preferably in Oil and Gas Industry. Working knowledge of ISO 27001 (Information Technology – Security Techniques – Information Security Management Systems – Requirements). Working knowledge of IEC 62443 (Security for Industrial Automation and Control Systems). Should possess good communication & report writing skills. Location Abu Dhabi, United Arab Emirates
