Assistant Manager - Cyber Security - Technology Consulting - IT/OT

EY is seeking a passionate Cyber OT (Operational Technologies), Industrial Control Systems (ICS) security and / or IoT expert to join a world leading practice focused on protecting mission critical systems and national critical infrastructures. This role is a critical part of an operational service to protect some of the world’s leading organizations from Cyber threats that span more than just IT. The successful candidate will work closely with the regional cyber leadership. The candidate is expected to possess strong knowledge and skills on OT/ICS security

As a Senior Consultant in Cyber security, you will be supporting in preparing solutions for moderately complex projects or for elements of highly complex projects. Also, you will be supporting client presentations as well as designing proposals. Furthermore, you will be engaged in on-site and off-site delivery.

Drawing on your skills and experience, you will contribute to creating innovative insights for clients, adapt methods and practices to fit operational team and cultural needs, and contribute to thought leadership. In addition, you will support the packaging of overall project findings into clear, concise, high-quality work products.

While reporting to the AIM “Africa, India and Middle East” Cyber Security leadership, you will be contributing as a subject matter resource for OT/ICS Cyber Security topics applicable to EY’s Cyber Security Strategy.

As a respected senior professional, you will communicate effectively with EY’s engagement Assistant Managers, directors, and partners.

Business responsibilities

Participate in OT/ICS cyber Security transformational and long-term strategic engagements

Be able to advocate innovative cyber security offerings

Be able to translate audit points into tangible action items for closure

Understand all Ernst & Young service offerings and actively identify opportunities to better serve clients

Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization.

Technical skills requirements

You will have at minimum 5 years of experience in Information security and OT/ICS cyber security preferably within the Oil and Gas, Power and Utilities Sectors and capable of demonstrating knowledge in some of the below areas:

Solid Knowledge of the OT and ICS security domains

Experience in ICS/OT products and technologies, hardware and software including, but not limited to Honeywell, GE, Siemens and ABB product families and platforms

Strong understanding of the complex and sensitive nature of ICS/SCADA environments

Capable of Evaluating the cyber risks to SCADA, DCS, Smart Grids, DMS, and ECS systems architectures

Solid understanding of the relevant industries production processes and operational procedures

Solid knowledge of Industrial networking protocols security such as DNP3, Modbus, Profinet, ZigBee, IEC 104..etc.

Cyber OT endpoint OS and Server OS knowledge

Strong analytical and problem-solving skills

Knowledge of OT Capable SIEM, security events logging and monitoring technologies and platforms such as Nextnine, Industrial defender, Splunk, Arcsight, QRadar or others

Experience in deploying of unidirectional firewalls, host based firewalls, Anti-Malware, HIDS in plant and operational environments

Awareness of Network monitoring technology platforms such as Fidelis XPS, RSA or others

Solid understanding of applicable best practices and security standards such as NERC-CIP, ISA99 (IEC 62443), NIST 800-82, Qatar’s National ICS security standard…etc

Internationally recognized technical certifications in relevant areas

Good understanding of plant Process systems, plant safety and plant integrity systems and solutions

Certified as GICSP “Global Industrial Control Systems Professional” is highly recommended.

Additional requirements

Bachelor’s degree in Electronics Technology, Computer Engineering, Electrical engineering, mechatronics or similar specialization in the electronics, PLC, wireless (radio), networking, and/or ICS technology field

Demonstrated track record with a blue chip consulting organization and/or a blue chip organization is appreciated

Relevant professional qualifications such as CISSP, ISA99 certifications, ISO 27001, CCSA, CCSE, CRISC, CCSP, EC-Council Ethical Hacker.