Applications have closed

Job Description

 

Senior Engineer, Cyber Security – Oman, will assist in design review for new projects, installation, operation, and support IT/OT security systems and controls to ensure they operate properly and remain secure from outside intrusion. In addition, enhancing the capabilities, lifecycle / obsolescence management of IT/OT assets from cybersecurity perspective and keep the company secure to stay ahead of the curve in everything.

 

  • Maintain compliance with ACWA policies and local regulatory requirements.
  • Assist the project teams during design review of IT/OT architecture to make sure that plant design is as per ACWA Power Cybersecurity guidelines (OTS exhibits normally) + plant is designed as per the local legal cybersecurity directives.
  • Ensure the implementation of cybersecurity policies, procedures, and standards.
  • Implement ACWA Power IT/OT SOP (Standard Operating Procedures) framework across critical systems in the respective cluster.
  • Develop and maintain asset log / register for all cybersecurity components (equipment’s) to perform vulnerability assessment and implement risk mitigation actions.
  • Develop disaster recovery plans and execute routine disaster recovery drills.
  • Develop and implement routine backup (online and offline) management for IT and OT systems.
  • Develop obsolescence / life cycle management plan for IT and OT devices with regard to cybersecurity focusing spares availability, patch deployment, etc.
  • Lead the IT/OT internal audit for the region and take ownership in closure of all open action items.
  • Contribute to Conduct risk assessments and follow up on the status of risks and actions taken in coordination with stakeholders.
  • Implementing the cybersecurity awareness and training program and measuring the extent of employees’ commitment to cybersecurity awareness.
  • Follow up on cyber security monitoring systems to ensure their stability and availability and submit reports to describe their status.
  • Ensuring the integration of all critical systems with the corporate (SIEM)
  • Collect cybersecurity events in the information and technology assets of the Cybersecurity Event Logs Management and Monitoring (SIEM) system, analyze the logs, and identify cybersecurity risks.
  • Handling cyber security incidents and following up on their closure, and escalation of existing events that exceed a defined service level agreement.
  • Continuous evaluation of vulnerabilities and follow-up application of security update packages and settings.
  • Arrange and Contribute to the periodic penetration tests on all internal and externally provided services and their technical components to assess the level of cybersecurity.
  • Managing Logical Access to Information and Technology Assets by defining cybersecurity requirements for managing access identities and permissions, documenting and implementing them.
  • Create and install the required endpoint protection such as anti-virus, firewalls, etc. based on the gaps identified in the analysis conducted by ACWA.
  • Ensure that endpoint security solution is implemented across the systems (IT and OT) in the plant and identify inconsistencies.
  • Maintain up-to-date signatures on the endpoint security agents (IT and OT).
  • Conduct periodic scanning and checksum to ensure the security status (i.e. YARA rules, queries).
  • Conduct periodic simulated phasing attacks.
  • Evaluate the network security controls, protocols, topologies, and device configurations.
  • Analyze log files related to network traffic, firewalls, IDS, IPS, and DNS. Identify any suspicious activity and its effect on the plant data and systems.
  • Implement and test the firewalls, IDS, and IPS systems.
  • Conduct periodic network security audits.
  • Participate in incident response and business continuity management.
  • Manage VPN profiles and access.
  • Identify the list of network devices managed the Cybersecurity Operations function and maintain an updated asset inventory defining the criticality and ownership.
  • Maintain a baseline configuration for the network security assets such as internal/external firewalls, IPS/IDS, NAC systems, anti-DDOS, and VPN and test firewall and IDS/IPS logs against forensics requirements.
  • Establish guidelines for encrypting email communications and digitally signing emails and integrate with DLP solution once deployed.
  • Schedule periodic configuration reviews to ensure network device configurations follow best practices.
  • Document a process for network devices to align with approved security configurations.
  • Contribute to the annual budget for cybersecurity as well as the annual budget of the project company and the plant in the respective site.
  • Manage and monitor the financial performance against the approved budget.
  • Follow up with EPC and the project company during the construction phase to ensure the implementation of cybersecurity requirements in the OTS and O&M agreement.
  • Lead the internal and external cybersecurity audits and implement the resolution of observations.
  • Contribute to the annual audit of the ISO 27001 ISMS certification.
  • Deploy all the requirements of ISO certifications including information security and digital business continuity management.
  • Ensure data gathering from all critical IT/OT systems to ACWA Power data lake in coordination with digital operations, cybersecurity, and I&C teams.

 

Who will fit:

  • Bachelor degree holder in IT Engineering or Computer Science
  • Working knowledge of electrical installations
  • Working knowledge in CSP, PV and Wind technologies is an added advantage
  • 5+ years’ experience the IT / Cybersecurity operation

 

Skills

 

  • Strong Understanding of multiple IT technologies and processes.
  • Direct skills of Cybersecurity operations
  • Ability to analyze and resolve complex issues both logical and interpersonal.
  • Strong knowledge on Cybersecurity monitoring and compliance.
  • Excellent knowledge of IT policies and regulatory requirement
  • Ability to evaluate new technology from a commercial lens
  • High understanding of data analysis and budgeting
  • Effective verbal and written communications skills
  • Ability to negotiate and defuse conflicts
  • Manage ambiguity: Ability to take decisions and operate in ambiguity
  • Collaborates: High communication and interpersonal abilities.
  • Ensures accountability: High commitment to the work and deliver high performance

 

 

Print Job Listing
We use cookies to improve your experience on our website. By browsing this website, you agree to our use of cookies.

Sign in

Sign Up

Forgot Password

Cart

Cart

Share