Job Purpose/ Objective
Ensure protection of company's assets by identify, analyse and mitigate security threats and vulnerabilities. Plays a crucial role in developing and enforcing security policies and procedures to promote a culture of security. Responsible to implement the cyber security controls mandated by National Cyber Security Agency (NCSA) as part of the on-going audits. handling resources in Information security to manage the peak loads during cyber-attacks and handle incident responses and other aspects of cyber security. Manage the peak loads during cyber-attacks and handle incident responses and other aspects of cyber security. responsible for implementing the technical controls that will be provided to company in the Roadmap by NCSA.
Requirements
- Bachelor's/Master's degree in IT/Computer Science or any related discipline.
- Experience in Petrochemicals/oil & gas is prefered.
- Good understanding of the OT Security and IS 62443
- CCNA, OSCP, CompTia Security Plus, Sans Incident Handling Certifications/ GCIH, Blue Team security trainings preferred.
Key Accountabilities
Routine Duties
- Plan for disaster recovery and create contingency plans in the event of security breaches.
- Keep up to date with latest technology and research emerging cyber security threats and ways to manage them.
- Liaise with the NCSA and other stakeholders in relation to cyber security issues roadmap and provide solutions and implement and lead the initiatives.
- Lead all technical audits conducted by the internal and external auditors.
IT Operations and Technical Support
- Handle security alerts and incidents that are reported.
- Investigate and follow the Incident Response procedure for handling all types of incidents.
- Monitor for attacks, intrusions and unusual, unauthorized, or illegal activity.
Developing organization wide security protocols
- Test and evaluate security products, design new systems, and manage their upgrade, use tools to identify potential weakness and threat patterns and vulnerabilities in our systems.
- Identify security products and implement measures like security devices and controls like encryption.
- Monitor the Identity and access management, including monitoring for abuse of permissions.
Vulnerability Management
- Work with the teams to perform tests and uncover security vulnerabilities in the systems and network.
- Fix detected vulnerabilities to maintain a high security posture.
- Perform vulnerability analysis and penetration testing.
Liaise with ICS Security
- Co-ordinate with the various ICS Security teams at the plants to identify any risks related to IT/OT Convergence, participate in architecting new solutions and identifying risks for new deployments in the ICS and plant systems.
- Provide guidance by following the international standards like ISA 62443.
- Design security controls to protect the IT and OT systems and networks in scope.