Manager

Petrofac is a leading international service provider to the energy industry,
with a diverse client portfolio including many of the world 's leading energy
companies.

We design, build, manage and maintain infrastructure for our clients. We
recruit, reward, and develop our people based on merit regardless of race,
nationality, religion, gender, age, sexual orientation, marital status or
disability. We value our people and treat everyone who works for or with
Petrofac fairly and without discrimination.

The world is re-thinking its energy supply and energy security needs; planning
for a phased transition to alternative energy sources. We are here to help our
clients meet these evolving energy needs.
This is an exciting time to join us on this journey.

We support flexible working requests and have adopted a hybrid approach for
most of our office-based roles. We ask employees to be present in the office
at least three days per week.

Are you ready to bring the right energy to Petrofac and help us deliver a
better future for everyone?

JOB TITLE: MANAGER - CONTROL AND INSTRUMENTATION (ICS/OT/IT CYBER
SECURITY)

KEY RESPONSIBILITIES:
* Responsible for procurement related activities such as preparation of Inquiry Requisition, participate in Technical Evaluation of vendor offers, Purchase Requisitions, Preparation and providing guidance on Technical Bid Evaluations and Vendor Document Reviews.
* Review the ITB (Invitation to Bid) documents submitted in the proposals stage, Contract documents, issue inquiry requisitions, review techno-commercial vendor offers, prepare equipment, material and man-hour estimates.
* Responsible to lead Overall OT/IT cyber security for major ICSS OT projects.
* Responsible to develop Cyber Security Plan for the project and approval from Client.
* Reviewing network architectures and determining if good practices are being followed (e.g., the "zones & conduits" concept, proper network segmentation, use of Industrial DMZ, etc.); and providing recommendations to comply with applicable cybersecurity framework.
* Reviewing security products utilized (e.g., firewalls, IDS, IPS) and determining if they are configured properly.
* Monitor deployment of network infrastructure devices (e.g., switches, routers, etc.), security appliances (e.g., firewalls, IDS, etc.), and virtualization solutions.
* Reviewing security policies, plans, and procedures; assessing network monitoring capabilities; analyzing system logs, security events, and packet captures to identify security threats; and providing recommendations to comply with applicable cybersecurity framework.
* Lead design reviews/workshops, preparation of required EPC phase deliverables, Lead interfaces with various Package Vendors, prepare gap analysis against the project requirements for various control systems supplied by package vendors.
* Responsible to review security products utilized (e.g., firewalls, IDS, IPS) and determining if the proposed are configuration meets Project requirement and Industry standards.
* Responsible to review security policies, plans, and procedures; assessing network monitoring capabilities; analyzing system logs, security events, and packet captures to identify security threats; and providing recommendations and work with ICSS (Integrated control and Safety Systems) vendor to comply with applicable cybersecurity framework.
* Review administrative, technical, and physical security controls proposed by ICSS Vendor and providing recommendations to mitigate the identified security risks.
* Participate and contribute to Cyber security workshops, vulnerability, and risk assessments with ICSS Vendors to identify security risks and threats (e.g., unsecure remote access points, suspicious remote connections, unauthorized devices on the network, etc.) and providing recommendation to remediate the identified issues, Prepare Report/Update/Maintain and coordinate with all parties to close out action points.
* Review/Comments vendor submitted detailed diagrams (e.g., network, cabling, server, rack, logical architecture, etc.), procedures, and plans (e.g., implementation, SAT, mitigation, etc.) as needed to support projects.
* Responsible to handle Technical Queries/issues from all stake holders, document review/approval of Automation & Package vendors, certification requirements if any, participate in regular meetings with vendors & Client/JV Partner.
* Responsible to lead and participate in ICSS cyber security test at ICSS and package Vendor test locations, Responsible to accept the test and signoff reports.
* Responsible for coordination with client, PMCs, consortium partners, subcontractors, other discipline engineers and Project team.
* Participating in cross-functional and inter-office meetings to provide design inputs to Engineering team.
* Proactively identify and mitigate technical risks during project stage.
* Travel to the client's site/ JV Partner location as and when required.
* Support the construction, commissioning, and start-up activities, to ensure no delay.

ESSENTIAL QUALIFICATIONS AND SKILLS:
* Bachelor's Degree in Cyber Security /Instrument / Electrical / Electronics/ Information Technology /Computer science Engineering with a minimum of ‎15 to ‎20 years of Hands-on Work experience in Industrial Automation Projects (In Oil & Gas / Refinery/Offshore Wind Farm Projects) and familiar with all Major ICSS vendor Architecture.
* Experience in implementing large scale (multi-site) Industrial Automation network and OT cyber security.
* Have a minimum ‎5 years of experience in assessing, architecting, designing, and implementing cyber security capabilities, including incident response, threat intelligence, security monitoring, and vulnerability management.
* Deep understanding of cybersecurity terms and principles (defense-in-depth, network segmentation, security monitoring and incident response, access management, OT patch management, secure remote access, anti-malware protection etc.).
* Very good knowledge about local manufacturing and automation systems in use.
* Advanced knowledge on networking (LAN/WAN) and industrial networking including significant low-level networking experience with the TCP/IP (Transmission Control Protocol/Internet Protocol).
* Solid knowledge on IT and OT infrastructure, including ICSS security and protection.
* Current knowledge of technology capabilities and trends; types, and techniques of hacking attacks.
* A background in OT and ICS system security administration and/or development.
* Certified Information Systems Security Professional (CISSP).
* Strong understanding of cybersecurity frameworks for ICS/OT environments.
* Strong understanding of OT network communication protocols, industrial networking topologies, as well as L2/L3 networking and architecture.
* Preferable experience in NIST-SP800-‎82, IEC62443 / ISA99, NERC-CIP, IEC ‎27002, ISO/IEC ‎15408, BSI TL-‎02103, etc.
* Comprehensive knowledge of internet protocols, firewalls, proxies, and intrusion detection/prevention systems.
* Familiarity/Knowledge of the Purdue Enterprise Reference Architecture (PERA).
* An ability to work autonomously, cooperatively, and remotely from the corporate office with other locations.
* Excellent problem solving, critical thinking, and analytical skills with the ability to deconstruct problems.
* Familiarity of the threats, vulnerabilities, exploits in ICS environments, and appropriate mitigation techniques.
* Have at least any one of the following certificates:
* Certified Ethical Hacker (CEH),
* CompTIA Security+
* ISA/IEC ‎62443 Cybersecurity Specialist certification,
* Global Industrial Cyber Security Professional (GICSP).
* Preferable candidates having experience on working with Hitachi/ ABB or equivalent.
* Good presentation, training, and communication skills to both internal and external stakeholders.
* Strong time management skills including ability to meet deadlines and manage priorities.
* Effective technical writing skills in English.