The OT Cyber Security Assurance and Risk Specialist will be responsible for ensuring ENEC Operations' compliance with the cyber security program and FANR regulations. This role involves performing security assessments, security architecture reviews, risk and vulnerability management, and managing key internal and external stakeholders to maintain a robust cyber security posture.
Key Activities, Responsibility & Accountability
OT Network and System Security assessment
Responsibilities and Accountabilities:
Analyze and assess vulnerabilities in the OT infrastructure (software, hardware and network).
Investigate vulnerability remediation, alternative controls and/or best practices to remedy detected OT cyber security vulnerabilities.
Conduct cyber security risk assessments and impact analysis for any changes or modifications made to critical digital assets within the Nuclear Power Plant.
Security monitoring and forensics
Responsibilities and Accountabilities:
Perform security monitoring, security and data/logs analysis and compromise assessments of OT systems to detect security incidents and root causes of incidents.
Investigate and utilize new technologies and processes to enhance OT security capabilities and implement improvements.
Security Architecture design
Responsibilities and Accountabilities:
Perform design reviews for OT systems and provide security requirements.
Support the identification of gaps and provide recommendations of how to close those gaps.
Assist in the evaluation of all modifications to CDA before implementation, ensuring that new/modified CDAs are reviewed and CDA assessment performed accordingly.
Support the personnel department and all correlating functions such as Information security in reporting and recommending enhanced security solutions.
Ensure all Action Requests (ARs) are monitored, reviewed, actioned, and closed within agreed time parameters.
Perform periodic awareness campaigns to promote safe and secure OT security behaviors on plant including procedures for using and handling Portable Mobile and Media Devices (PMMD) in the plant.
Support FANR inspections with applicable data and information as required and follow up any remedial actions.
Risk Assessment & Management
Responsibilities and Accountabilities:
Lead and conduct comprehensive risk assessments of the organization's information systems and infrastructure. Identify, assess, and prioritize risks to ensure effective mitigation strategies are developed and implemented.
Conduct regular risk assessments and vulnerability assessments.
Identify and mitigate potential security threats to the organization's information systems.
Maintain and update the organization's risk register and track the risks entered.
Perform threat modelling to anticipate potential security threats and vulnerabilities.
Collaborate with business units to understand their risk tolerance and develop appropriate risk mitigation plans.
Conduct third-party risk assessments to evaluate the security posture of vendors and partners.
Monitor and review security controls to ensure their effectiveness in mitigating risks.
Stay informed about emerging threats and vulnerabilities to proactively address potential risks.
Evaluate third-party vendor security posture and ensure that their practices comply with company standards and regulatory requirements.
Lead efforts to manage security risks in the supply chain.
Continuously improve risk management and assurance practices based on new threats, technologies, and best practices.
Professional Certifications
Qualifications
Bachelor's Degree
Experience
3 years of relevant experience.
Pref -
Bachelor's Degree with 3 years' experience, Diploma, Military or Police Academy graduate with 8 years' experience, or High School with 10 years' experience
Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), ISA/IEC 62443 Cybersecurity Expert
Beware of fraud agents! do not pay money to get a job
MNCJobsGulf.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Job Detail
Job Id: JD1835030
Industry: Not mentioned
Total Positions: 1
Job Type: Full Time
Salary: Not mentioned
Employment Status: Permanent
Job Location: Abu Dhabi, AZ, AE, United Arab Emirates
Education: Not mentioned