Lead-Refinery Operational Technology

1. DUTIES & RESPONSIBILITIES

 

  AREAS ACTIVITIES

1

 

 

 

 

 

 

 

 

 

 

2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4

 

 

 

 

 

 

 

 

5

 

 

 

LEADERSHIP

 

 

 

 

 

 

 

 

 

 

GOVERNANCE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RISK ASSESSMENT & OTHER ASSESSMENTS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SUPPLY CHAIN RISK MANAGEMENT

 

 

 

 

 

 

 

MISCELLANEOUS

 

 

 

 

 

• Perform other duties as assigned to ensure the smooth functioning of the department. 
• Operate with a high degree of independence with regard to project management activities for OT Security, including development of project plans and resource estimates.
• Understand, assist and co-ordinate for legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations for OT

 

• Develop and share Weekly, Monthly and Yearly reports with Head – Information Security, showcasing status and posture of Information Security Program at OT in Nayara Energy
• Develop and maintain Information Security Online Dashboard for Information Security
• Recommend & implement Information Security Metrics Program for continuous monitoring and assessing the effectiveness of Information Security controls at OT
• Co-ordinate with relevant OT functions to collect required data for the Information Security Metrics Program
• Assist Head Information Security to design, implement, and maintain Nayara’s cybersecurity plan and Information Security Program at Refinery.
• Assist Head Information Security for other governance activities.

 

• Identify and document asset vulnerabilities and threats (internal and external).
• Receive cyber threat intelligence from information sharing forums and sources.
• Identify potential business impacts and likelihoods.
• Use threats, vulnerabilities, likelihoods, and impacts to determine risk.
• Identify and prioritize risk responses.
• Suggest risk mitigations & OT controls and ensuring information security best practices are designed, implemented and monitored.
• Co-ordinate for Risk Assessment of Business Function’s OT systems 
• Benchmark and compare security practices with the industry. Demonstrate knowledge, Implementation, operations and maintenance of information security standards and frameworks like NIST Cyber Security Framework, ISO/IEC 27001, COBIT, ITIL, ISA/IEC 62443 etc. as applicable.
• Perform various Cybersecurity assessments covering OT network and IT-OT intersection points as suggested by Head Information Security
• Developing methodology for OT Security Testing in discussion with Head Information Security
• Leads, designs, and implements improvements in OT Cybersecurity threat monitoring, attack response methods, and incident response plans

 

• Assist/Recommend in Development & Implementation of Information/Cyber Security Supply Chain Risk Management framework
• Assist Head Information Security to ensure organizational stakeholders identify, establish, assess, manage, & agree to cyber supply chain risk management processes.

 

 

• Perform analysis of the architecture and infrastructure of Industrial Control Systems (SCADA / DCS / DMS/ IIoT) in terms of cyber security
• Develop security focused IT-OT integrated architecture as per leading OT / ICS cyber security standard
• Design and implement Cybersecurity solutions for Industrial Control Systems
• Support ICS security projects within a Security Transformation program

1. DUTIES & RESPONSIBILITIES

 

  AREAS ACTIVITIES

1

 

 

 

 

 

 

 

 

 

 

2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4

 

 

 

 

 

 

 

 

5

 

 

 

LEADERSHIP

 

 

 

 

 

 

 

 

 

 

GOVERNANCE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RISK ASSESSMENT & OTHER ASSESSMENTS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SUPPLY CHAIN RISK MANAGEMENT

 

 

 

 

 

 

 

MISCELLANEOUS

 

 

 

 

 

• Perform other duties as assigned to ensure the smooth functioning of the department. 
• Operate with a high degree of independence with regard to project management activities for OT Security, including development of project plans and resource estimates.
• Understand, assist and co-ordinate for legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations for OT

 

• Develop and share Weekly, Monthly and Yearly reports with Head – Information Security, showcasing status and posture of Information Security Program at OT in Nayara Energy
• Develop and maintain Information Security Online Dashboard for Information Security
• Recommend & implement Information Security Metrics Program for continuous monitoring and assessing the effectiveness of Information Security controls at OT
• Co-ordinate with relevant OT functions to collect required data for the Information Security Metrics Program
• Assist Head Information Security to design, implement, and maintain Nayara’s cybersecurity plan and Information Security Program at Refinery.
• Assist Head Information Security for other governance activities.

 

• Identify and document asset vulnerabilities and threats (internal and external).
• Receive cyber threat intelligence from information sharing forums and sources.
• Identify potential business impacts and likelihoods.
• Use threats, vulnerabilities, likelihoods, and impacts to determine risk.
• Identify and prioritize risk responses.
• Suggest risk mitigations & OT controls and ensuring information security best practices are designed, implemented and monitored.
• Co-ordinate for Risk Assessment of Business Function’s OT systems 
• Benchmark and compare security practices with the industry. Demonstrate knowledge, Implementation, operations and maintenance of information security standards and frameworks like NIST Cyber Security Framework, ISO/IEC 27001, COBIT, ITIL, ISA/IEC 62443 etc. as applicable.
• Perform various Cybersecurity assessments covering OT network and IT-OT intersection points as suggested by Head Information Security
• Developing methodology for OT Security Testing in discussion with Head Information Security
• Leads, designs, and implements improvements in OT Cybersecurity threat monitoring, attack response methods, and incident response plans

 

• Assist/Recommend in Development & Implementation of Information/Cyber Security Supply Chain Risk Management framework
• Assist Head Information Security to ensure organizational stakeholders identify, establish, assess, manage, & agree to cyber supply chain risk management processes.

 

 

• Perform analysis of the architecture and infrastructure of Industrial Control Systems (SCADA / DCS / DMS/ IIoT) in terms of cyber security
• Develop security focused IT-OT integrated architecture as per leading OT / ICS cyber security standard
• Design and implement Cybersecurity solutions for Industrial Control Systems
• Support ICS security projects within a Security Transformation program

1. SKILLS & KNOWLEDGE

• A degree in Industrial Engineering / Instrumentation engineering or BE with certifications in cybersecurity domain preferred
• Relevant professional qualifications such as CISSP, ISA99 certifications, ISO 27001, CCSA, CCSE, CRISC, CCSP, GICSP, IEC 62443CISA / CISSP / CSP / ISO 27001 – Lead Auditor certification (s).
• Master’s degree in business administration or a qualification with focus in Risk Management / Information Security. (For e.g., COBIT Assessor, ITIL – Intermediate, CRISC, MBCP etc.
• 12 - 14 years of experience working in Refinery Automation the Cyber security domain with a minimum of 3 years in the Industrial automation and controls space