• Develop and maintain information security procedures / guidelines.
• Ensuring compliance to group policies, Standards, manuals, etc.
• Provide support in the implementation, maintenance, and continuous improvement of the ISMS.
• Work with stakeholders to identify risks, conduct risk assessments and develop risk mitigation strategies.
• Conduct internal audits and coordinate external audits.
• Analyse security incidents and provide recommendations for corrective actions.
• Provide security training and awareness to employees.
• Enforcement of data classification.
• Ensuring compliance to regulatory standards and international standards.
• Communicating with related stakeholders to fix vulnerabilities, address risks and compliance actions.
• Keep abreast of industry developments, trends, and emerging threats in the field of information security.
• Liaise with third-party vendors and stakeholders to ensure compliance with the ISMS.

• Bachelors degree in information security, Computer Science, Electronics / Instrumentation Engineering or similar discipline/related field.
• More than 10 years of experience in information security and ISMS/CSMS development and implementation with at least 5 years of experience in IT/OT Cybersecurity consultancy/Operation preferably in the oil and gas domain
• Strong analytical and problem-solving skills.
• Has worked on enterprise-wide projects within organizations with similar project scopes.
• Excellent written and verbal communication skills in English
• Ability to work independently and as part of a team.
• Experience with security frameworks and standards (e.g., UAE IAS, ISA 62443, NIST, Shell DEP, ITIL etc.)
• Professional security certifications such as GICSP, CISSP, CISM,CISA, ISA 62443 fundamentals or ISO 27001 Lead Implementer/Lead Auditor.
• Content development and Fine tuning of use cases/correlation rules based on the relevant attacks and threat landscape of the OT network and Organization.

Duncan & Ross