OT Cybersecurity Engineer

RESPONSIBILITIES

for Cybersecurity

• Understands standards with respect to Operational Technology (OT) cyber security – not simply Information

Technology (IT) Cyber Security.

• Conversant with IEC 62443, ISA 99 and NIST 800-53 and their applications within an OT network.

• Understands the requirements for Cyber security performance, KPIs and surveillance requirements.

• Part of the OT Cyber security team to drive compliance to IEC62443 fleet wide, ensuring operability and safety

constraints of the offshore environment.

• Part of the OT Cyber security team Drive completion of GTS Alerts and Safety Alerts fleetwide within his scope

of expertise.

• Keeping up-to-date with the latest OT Cyber security trends, threats, and best practices.

• Monitor industry developments and alerts in terms of Cyber Security vulnerabilities.

• Fleet cyber security monitoring using OT Cyber security tools.

• Conduct OT Cyber security audits and contribute to Continuous Improvement of processes and systems.

• Ensure continuous improvement of their scope for the existing fleet and new builds to increase safety,

sustainability, and efficiency.

• Contribute to the development and implementation of existing Cyber Security Strategies, Processes and

Governance given by the SBM Monaco office to shore bases whilst utilising best practices on regulatory

requirements and engineering design.

• Contribute to the continuous improvement of processes, governance, and operation strategies.

• Provide technical support during WIN, EXECUTE, START-UP and OPERATE phase.

MAIN TASKS of OT Cybersecurity Engineer

• Work on defined initiatives to improve Cyber Security performance.

• Contribute to develop and sustain a Cyber Security community with the regions and coordinate with regional

disciplines.

• Participate to RAVA audits for Cyber Security and mobilize offshore as necessary.

• Participate to RAVA audits action management.

• Track and report progress for GTS Alerts and Safety Alerts actions.

• Support the fleet with technical support on all aspects of compliance with working instructions

• Analysis of the IDS alerts, evaluate threat impacts, work towards remediation, notify relevant stake holders

• Review of firewall logs.

• Vulnerability management, Obsolescence management.

• Remote connection reviews.

• Contribute to compliance to IEC 62443 by:

o Auditing of Vendors

o Supply chain checks

o Routine Risk assessments

o Improved Vulnerability Assessments to each and every exploit existing on Unit specific equipment

o Patch management

o Firewall management

o Incident Drills management

o Cyber Security Metric collection for dashboarding

o Awareness campaigns and further training

• Create monthly report for the fleet about cyber threats that are happening in the industry and cyber events

and technology that month.

• Liaise with Ops readiness, Supply chain, Discipline leads and OEMs to ensure key OEMs Support & Health

care contracts within his scope of competence are defined and in place prior to start-up.

• Collaborate effectively with the team to execute the assigned tasks and achieve collective objectives

• Offshore travel necessary as needed.

B- Job requirements

School/studies/degree:

• Degree qualified in Computing, Control, and electronic/electrical Engineering.

• Chartership or equivalent preferred

• IEC 62443 Cybersecurity or GICSP preferred

Experience:

• 8-10 years in Oil and Gas Industry

• 4-5 years of experience in Cyber Security with the Operational Technology environment

• Risk assessment, Gap assessment, OT Cyber security tools (Asset inventory, Vulnerability management,

SIEM)

• Field Experience is required

• Knowledge of ICSS systems (PCS7 Preferred) and prtotocols

• Offshore experience is preferred.

C- Behaviours & inter-personal skills – Key points

• Open minded with capability to approach problems from a multidiscipline angle.

• Good sense of ownership in the decision-making process.

• High Level of Safety Awareness

• High Level of Operability Awareness

• Proactive

• Good interpersonal communication and supervisory/leadership skills with strong commitment to a team

culture.

• Excellent computer soft skills and team spirit