Essential Criteria

• At least 10 years of experience in PCD/OT Cybersecurity Management Systems.
• Strong hands-on experience in at least 2 end to end ISA 62443 ISMS Implementations.
• Expertise in Establishing & Managing Cybersecurity Discipline Controls Assurance Framework (CSDCAF).
• Expertise in both PCD (End to End) Cybersecurity Risk Management, Reporting & recommending appropriate Mitigation Controls.
• Expertise in coordinating / conducting in ISA62443 / Shell DEP Audits.
• Expertise in conducting Site Security GAP Assessments & identifying Cybersecurity control weaknesses and opportunities for improvements.
• Provide regular risk briefings to senior management on the findings and develop remediation approaches.
• Expertise in Developing & Managing GRC, Deviations & Incident Management Tools & Advisory Services.
• Expertise in developing and reviewing PCD Cybersecurity Governance Documentations.
• Experience in Establishing & Managing (Tracking and Reporting) PCD Controls Implementation Projects.
• Expertise in AIPSM & PCD Incident Management & Reporting.
• Collaborate with Engineering teams to implement new PCD Cybersecurity technologies.
• Expertise in conducting PCD Cybersecurity Controls Designing / Effectiveness Assessments & recommend appropriate design / security controls.
• Expertise in developing and managing VMBs, Lean & Continuous Improvement Processes.
• Experience in harmonizing OD & PCD Cybersecurity Management Systems.
• Excellent written and oral communication skills.
• Assists in the development and knowledge transfer to Cybersecurity team members, as well as other company groups.
• Establish strong working relationships with operational sites to drive recommendations to improve the Cybersecurity posture

Technical Skills

• Experience with security technologies such as firewall, IDS/IPS, endpoint security solutions, proxies and other related security technologies.
• Experience working in security operations environments, experience with key security operations technologies such as SIEM and log aggregation (e.g., ArcSight, Splunk ES, IBM QRadaretc.).
• Experience with cyber, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber.
• Experience with Incident Response (IR), Cyber Threat Intelligence (CTI) and Threat Defense Operation (TDO) functions.
• Understand the NIST Incident Response framework.
• In-depth understanding of operating systems, network/system architecture, and IT architecture design.
• Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory.
• Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
• Experience with building OD/PCD Security capabilities inside SOC.
• Understanding of OD and PCD network communication protocols (including TCP/IP, UDP, DNP3, Modbus, OPC) and ability to perform packet analysis.
• Understanding of threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques.
• Experience with PCD Cybersecurity Solution (eg.Dragos, Claroty, Nozomi, Indegy, etc.).
• Experience with Digital Forensics.
• Experience creating Indicators of Compromise from technical sources and/or experience with Snort, YARA, or other detection technologies.

Certifications / Accreditations

• ISA62443 (IC33M, IC34M & IC37M)
• Security Certifications (GICSP, GRID, GCIP, Security+, GCIA, GCIH, OSCP, CEH, etc.)