Overview

The organisation seeks an experienced IACS (Industrial Automation and Control Systems) Cyber Security Programme Manager to take over the management of its IACS Cyber Security Compliance Programme.  This programme of work commenced in 2018 to secure the company’s oil and gas assets in conformance with OG-86 and the NIS Directive. 

Currently, the scope covers a single producing asset, three assets in their decommissioning phase, and a terminal in the Shetland Isles.  This terminal is classed as UK critical infrastructure, which comes under the NIS Directive, and makes the company an Operator of Essential Services in relation to that terminal.  The programme is in the process of applying a number of Cyber Security controls across its assets to ensure compliance with OG86 and NIS D, and is

Main duties and responsibilities

• The role will involve directly managing project resources in the completion of project work-packages, signing off project work-packages completed by project resources and managing project supplier performance.
• Work with all relevant business stakeholders to ensure that business input and buy-in is obtained.
• Ensure that all work is correctly scoped and business impacts and timelines are understood and agreed.
• Take ownership of all aspects of the programme / project and understand that they are responsible for successful delivery, finding solutions for problems and threats to delivery.
• Issue resolution – ability to takes ownership of issues and who can manage and co-ordinate resources to ensure they are worked through to resolution.

Skills, Experience and Qualifications

• Ideally, holds a degree and a certification / qualification in project management, e.g. PRINCE2 or PMP; alternatively, proven experience and a strong track record of successful project delivery.
• Holds a security certification (e.g. GICSP, CISM, CISSP, CCSP).
• Cybersecurity experience, particularly in securing critical infrastructure/ ICS, OT (to include PCS, SCADA systems, PLCs, RTUs, etc.).
• Ability to apply skills across a broad range of cybersecurity domains (i.e. Network, Endpoint, Application, Encryption, Firewalls, User Access, Remote Access).
• Familiarity with ICS-related communications protocols (e.g., Ethernet, MODBUS, DNP3, S7, etc.).
• Familiarity with engineering security solutions for real-time and/or performance-sensitive systems.
• Experience in gap analysis or maturity analysis and security risk assessment, specifically in the IACS domain.
• Experience completing cybersecurity assessments based on frameworks such as NIST 800- 53/800-82, IEC 62433, NEI 08-09, ISA, etc.
• Experience with using common information security management frameworks, such as GDPR, ISO 27000 Series, the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA’s Control Objectives for Information and related Technology (COBIT).
• Experience of working with UK Frameworks such as OG-86 and NIS D.
• Experienced in vulnerability scanning or analysis of ICS/OT systems and networks.
• Working knowledge of system security design process, defence-in-depth/breadth, engineering lifecycle, information domains, cross-domain solutions, identification, authentication, and authorization, system integration, risk management, intrusion detection.
• Hybrid IT/Infosec and OT/Cybersec skillset and experience coming from either from an ICS and automation/Electrical Engineering background or an IT and Security Infrastructure engineering background.
• Proficiency in defining and measuring security KPIs and developing security roadmaps.
• Demonstrate proficiency in programme strategy and execution within the business and security domains.
• Ability to anticipate and mitigate risk by conducting assessments across the programme to determine if the implementation plans meet stakeholder requirements and will achieve strategic objectives.
• Strong oil & gas sector experience with good domain and business process knowledge.
• Strong Programme and Project Management experience, with strong skills across the knowledge areas of integration management, scope management, time management, cost management, quality management, people management, communications management, stakeholder management, risk management and procurement management.
• Good understanding of commercial / procurement processes involved in projects and programmes.
• Strong experience of managing third-party vendors, and remote workers, to deliver work-scopes to time and budget.
• Strong people management skills, with the ability to “bring people along” with them.
• Strong skills and experience in managing business change, with evidence of that in past project delivery.
• Ensures all change is appropriately and successfully managed, following all required EnQuest processes relating to business change, engineering change (MoEC) and OT / IT change.
• Resilient, self-motivated, self-sufficient, well organised and ‘flexible’ character, who can work with minimal supervision and direction, and who is unfazed by the challenges and difficulties which inevitably arise in a complex project or programme.