EY is seeking an experienced and passionate Cyber OT (Operational Technologies), Industrial Control Systems (ICS) security and / or IoT expert to join a world leading practice focused on protecting mission critical systems and national critical infrastructures. This role is a critical part of an operational service to protect some of the world’s leading organizations from Cyber threats that span more than just IT. The successful candidate will work closely with the regional cyber leadership. The candidate is expected to possess strong knowledge and skills on OT/ICS security
As an assistant Manager in Cyber security, you’ll support in preparing presentations and in designing proposals and solutions for moderately complex projects – or for elements of highly complex projects – and provide subject matter insight to bids and proposals.
Drawing on your skills and experience, you’ll contribute to creating innovative commercial insights for clients, adapt methods and practices to fit operational team and cultural needs, and contribute to thought leadership. In addition, you’ll support the packaging of overall project findings into clear, concise, high-quality work products.
While reporting to the MENA Cyber Security leadership, you will contributing as a subject matter resource for OT/ICS Cyber Security topics applicable to EY’s Cyber Security Strategy.
As a respected senior professional, you’ll communicate effectively with EY’s engagement partners and managers and work to build, manage and motivate high-performing teams.
· Participate in cyber Security transformational and long term strategic engagements
· Be able to advocate innovative cyber security offerings
· Understand all Ernst & Young service offerings and actively identify opportunities to better serve clients
· Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization.
Technical skill requirements:
You will have at minimum 4 years of experience in Information and security and OT/ICS cyber security preferably with the Oil and Gas, Power and Utilities sector with subject matter expertise:
· Solid Knowledge of the OT and ICS security domain
· Solid experience in ICS/OT products and technologies, hardware and software including, but not limited to Honeywell, GE, Siemens and ABB product families and platforms
· Strong understanding of the complex and sensitive nature of ICS/SCADA environments
· Capable of Evaluating the cyber risks to SCADA, DCS, Smart Grids, DMS, and ECS systems architectures
· Solid understanding of the relevant industries production processes and operational procedures
· Solid knowledge of Industrial networking protocols security such as DNP3, Modbus, Profinet, ZigBee..etc.
· In depth endpoint OS and Server OS knowledge
· Strong analytical and problem solving skills
· Knowledge of OT Capable SIEM, security events logging and monitoring technologies and platforms such as Splunk, Arcsight, QRadar or others
· Experience in deploying of unidirectional firewalls, host based firewalls, Anti-Malware, HIDS in plant and operational environments
· Awareness of Network monitoring technology platforms such as Fidelis XPS, RSA or others
· Awareness of End point protection tools, hardening techniques and platforms such as CarbonBlack, Symantec, McAfee or others
· Solid understanding of applicable best practices and security standards such as NERC-CIP, ISA99 (IEC 62443), NIST 800-82, Qatar’s National ICS security standard…etc
· Internationally recognized technical certifications in relevant areas
· Good understanding of plant Process systems, plant safety and plant integrity systems and solutions.
· Bachelor degree in Electronics Technology, Computer Engineering, Electrical engineering, mechatronics or similar specialization in the electronics, PLC, wireless (radio), networking, and/or ICS technology field
· Demonstrated track record with a blue chip consulting organization and/or a blue chip organization
· Demonstrated experience in business development and account management
· Relevant professional qualifications such as CISSP, GICSP, ISA99, ISO 27001, CCSA, CCSE, CCSP, EC-Council Ethical Hacker