Senior Officer, Business Conduct Assurance (IT)

Abu Dhabi, United Arab Emirates

Job Description

  • JOB PURPOSE:
Lead & Manage Business Conduct Assurance in the Information Technology domain covering both Digital & Cyber Security (IT Environment) and Operational Technologies (Industrial Control System & SCADA). Conduct compliance assurance verification at HQ and all operational sites, develop annual compliance programs & strategy, identify the scope / Key Risk Areas, supervise and manage the external SMEs, analyze the audit outcomes, generate key insights, prepare final audit reports and presentations, conduct trend analysis and provide high level actionable recommendations.
  • KEY ACCOUNTABILITIES:
Job Specific Accountabilities
  • Lead and manage IT & OT discipline compliance assurance function, develop compliance programs & strategy.
  • Act as a subject matter expert for Digital & Cyber Security and Operational Technologies and provide recommendations to drive digital excellence in the company and assurance of all IT operations and information security.
  • Take lead role in developing annual IT BCA (Business Conduct Assurance) plan for both IT and OT.
  • As part of developing annual plan, finalize Key Risk Areas to be verified, based on latest 5-year ADNOC Offshore Business Plan, Level 1 KPIs, Previous Verification Findings, Risk Register etc.
  • Take measures to help protect and maintain confidentiality of company data and information systems from internal and external threats by recommending the implementation and maintenance of best-of-breed Cyber Security technologies.
  • Explore new technologies that can add value to the company to ensure the availability, integrity and secure operations of the company IT environment and systems per best practices/guidelines.
  • Prepare IT & OT assurance verification checklists with reference to Company Policies, Standards & Procedures, applicable national and international standards like: UAE Information Assurance Regulation (NESA), IEC 62443 (Security for Industrial Automation and Control Systems), ISO 27001 (Information Technology - Security Techniques - Information Security Management Systems - Requirements) etc.
  • Develop the scope of work and requirements for external SMEs.
  • Liaise with contractors to secure well qualified and experienced subject matter expert to support ADNOC OFFSHORE team in conducting the verifications when required.
  • Review the CVs of SMEs submitted by the Contractor and conduct interview of shortlisted candidates.
  • Conduct meetings with the selected SME to make them understand the Scope of Work, Key Risk Areas and reference standards & procedures before the start of verifications.
  • Attend pre-readiness meetings and readiness meetings and conduct verifications.
  • Identify existing and anticipated risks through verifications: related to IT & OT System vulnerabilities, outdated operating systems / antivirus software, patch management, Backup and restore management, physical security, system logs, SIEM (Security Information and Event Management) etc.
  • Verify through the existence of Disaster Recovery (DR) solution the highest levels of availability, performance, and continuity of the IT & OT infrastructure systems and services at all sites and HQ Business Units / divisions.
  • Verify the compliance of the company IT and all Sites Information Security, services, Operations Security, and IT Assets with company policies, IT standards, and UAE National Electronic Security Authority (NESA) standards and regulations to ensure the highest levels of Information security of the IT infrastructure systems and services at all sites and HQ Business Units / divisions.
  • Ensure through verification the efficient operations of IT infrastructure systems, Applications, Databases, Networks, Telecoms, Operations Security, IT Equipment and services.
  • Ensure through verification the maintenance of IT Hardware, Software, Operating Systems, Databases.
  • Prepare preliminary verification report, participate in alignment sessions with Auditees and once aligned, issue the final verification report.
  • Ensure that the IT BCA Verification reports are issued in a timely manner.
  • Follow up for timely closeout of open action items related to IT and OT. Review action plans received against open findings and validate the same based on the evidence received.
  • Maintain verification findings in a database using the current MS Access or other DB application.
  • Support the concerned user divisions in close-out of Non-Conformances in a timely manner and maintain the compliance status of respective divisions.
  • Provide advice about IT risk management and compliance procedure.
  • Consult on IT / OT (Operations Technology) / ICS (Industrial Control System) security matters as and when needed.
  • Efficiently execute the verifications within the defined time frame as per the annual verification plan.
  • Update Business Assurance dashboard with the status of the findings and update senior management with the outcome.
  • Register lessons learned from IT / OT verifications and share the same with team members.
  • Contribute to the overall success of ADNOC Offshore Corporate Assurance Division by working as a team member on audits and special projects and performing all other duties and responsibilities as assigned.
  • Remain competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, and attending training and/or courses as required by the CAD Management.
  • Contribute to identifying, establishing, and delivering Corporate Assurance Division's Performance scorecards, and its Milestones and Strategic Initiatives related to technical assurance.
  • Supervision
  • Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
  • Train and develop the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
  • Budgets
  • Provide input for preparation of the Section / Department budgets and assist in the implementation of the approved Budget and work plans to deliver Section objectives.
  • Investigate and highlight any significant variances to support effective performance and cost control.
  • Policies, Systems, Processes & Procedures
  • Implement approved Section / Department policies, processes, systems, standards and procedures in order to support execution of the Section's / Department work programs in line with Company and International standards.
  • Comply with all applicable legislation and legal regulations.
  • Performance Management
  • Contribute to the achievement of the approved Performance Objectives for the Section / Department in line with the Company Performance framework.
  • Innovation and Continuous Improvement
  • Provide new initiatives towards improving Quality in all Business areas.
  • Design and implement new tools and techniques to improve the quality and efficiency of operational processes.
  • Identify improvement in internal processes against best practices in pursuit of greater efficiency in line with ISO standards in order to define intelligent solutions for issues confronting the function.
  • Health, Safety, Environment (HSE) and Sustainability
  • Comply with relevant HSE policies, procedures & controls and applicable legislation and sustainability guidelines in line with international standards, best practices and ADNOC Code of Practices.
  • Reports
Provide inputs to prepare progress reports for company management.
  • COMMUNICATIONS & WORKING RELATIONSHIPS:
  • Internal
  • Frequent Communication with VPs, Managers, Team Leaders within all the company Business Units and provide advice for all IT (Digital & Cyber Security) and Operational Technology Assurance related issues.
  • Liaise with Auditee divisions for timely closeout of open findings.
  • External
  • Communicate with external consultants to source IT / OT SMEs as and when required.
  • QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS:
  • Minimum Qualification
  • Bachelor's Degree in Computer Science, Instrumentation & Control, IT, Systems Engineering, or related qualification.
  • Minimum Experience, Knowledge & Skills
  • 8 - 9 years of experience in IT and OT, preferably in Oil and Gas Industry.
  • Working knowledge of ISO 27001 (Information Technology - Security Techniques - Information Security Management Systems - Requirements).
  • Working knowledge of IEC 62443 (Security for Industrial Automation and Control Systems).
  • Should possess good communication & report writing skills.

eFinancialcareers



Job Detail

  • Job Id
    JD1605331
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Abu Dhabi, United Arab Emirates
  • Education
    Not mentioned