NEOM Group Head of Industrial Cybersecurity

Job Description

<p><strong>NEOM Group Head of Industrial Cybersecurity</strong> is responsible for leading and managing NEOM’s cybersecurity strategy for its industrial control systems, SCADA systems, automation, and IoT devices.</p><p><br></p><p>In charge of OT security (Operational Technology) and IoT security (Internet-of-Things), he/she will work closely with the NEOM Group CISO and other business leaders to identify, assess, and mitigate cyber risks that could impact the company’s critical infrastructure.</p><p><br></p><p>He/she will develop and implement the OT and IoT security strategy to ensure that the company’s industrial assets and devices are secure and comply with industry standards and regulations. He/she will establish a comprehensive OT security framework (people, policies &amp; standards, processes &amp; tools) that enables the company to proactively identify and prioritize potential risks to NEOM’s industrial and IoT assets.</p><p><br></p><p>He/she implements appropriate controls and measures to mitigate those risks, and monitors and evaluates the effectiveness of those measures over time. 
He/she is a member of the Cyber Management Team, reporting directly to the Group CISO.</p><p><br></p><p><strong>Accountabilities:</strong></p><ul><li>Overall industrial cybersecurity program management.</li><li>Definition and implementation of OT and IoT security policies and standards</li><li>Implementation of an OT security control framework and a process to assess the maturity of the Group entities.</li><li>Creating &amp; maintaining NEOM’s IoT security framework in close collaboration with the related businesses.</li><li>Implementation of procedures, tools and controls for embedding cybersecurity in industrial projects, in contracts and managing the cyber risks induced by third-parties such as SCADA and control systems vendors and operations &amp; maintenance companies – you are responsible for:</li><li>Security-by-Design in industrial/OT and IoT projects</li><li>Third-Party Risk Management (TPRM) on the OT/IoT scope</li><li>Monitoring of compliance with the Group’s OT/IoT security policies and standards as well as compliance with cyber regulations on critical infrastructure</li><li>Controlling the security level of our industrial assets, including through on-site audits.</li><li>Follow-up of industrial security findings by Internal Audit.</li><li>Alignment with security standards – NIST, ISA/IEC 62443, and ISO 27001.</li><li>Developing &amp; deploying IT security solutions for industrial sites, in close collaboration with the related businesses</li><li>Contribute to the Security Awareness &amp; Training program specifically for industrial employees, workers, or any other related stakeholders</li><li>Contribute to the reporting and the preparation of presentations to the related stakeholders</li></ul><p><br></p><p><br></p><p><strong>Responsibilities:</strong></p><ul><li>Security of SCADA systems, Industrial Control Systems (ICS), Distributed Control Systems (DCS); secure separation of OT and IT, digital twins, IT &amp; OT connectivity,</li><li>Internet of 
Things (IoT) security,</li><li>Security of CCTV, access control, building management systems and other non-IT equipment using IP network connectivity</li><li>Works in very close collaboration with NEOM sectors, regions, Business Units, plant managers, Research &amp; Innovation, as well as external stakeholders</li></ul><p><br></p><p><strong>REQUIRED QUALIFICATIONS:</strong></p><p><br></p><p><strong>Education</strong></p><ul><li>Bachelor’s or Master’s degree in Engineering, Computer Science, or related field.</li><li>A Master’s Degree in Cybersecurity, Risk Management or related discipline, or in Business Administration (MBA) is a plus.</li><li>GICSP, CISM, CISSP or equivalent certification required.</li><li>Academic qualification or professional training and experience in legal and regulatory areas is also a plus.</li></ul><p><br></p><p><strong>Work experience</strong></p><ul><li>Senior position (Director level), requiring at least 15 years of business experience, ideally in operations, control &amp; instrumentation (C&amp;I), plant management, health &amp; safety, or security – recently at or near executive level (e.g. 
COO, CISO…).</li><li>At least 5 years specifically in industrial cybersecurity management roles.</li><li>Experience in OT and optionally IoT security, including experience in managing security for industrial control systems and automation.</li><li>Experience in developing and implementing security strategies and policies for OT and optionally IoT environments.</li><li>At least 5 years of progressive leadership experience in leading cross-functional teams and enterprise-wide programs, operating and influencing effectively across the organization and within complex contexts.</li></ul><p><br></p><p><strong>Specific skills</strong></p><ul><li>Strong leadership, communication, and interpersonal skills.</li><li>Ability to think strategically and translate business goals into actionable security plans.</li><li>Strong analytical and problem-solving skills.</li><li>Excellent verbal and written communication skills in English and the ability to communicate effectively with all levels of the organization.</li><li>Ability to work in complex, international environments and matrixed organizations.</li><li>Ability to work under high pressure (e.g. in case of cyber crisis).</li></ul><p><br></p><p><strong>Specific knowledge</strong></p><ul><li>In-depth knowledge of Operational Technology, Industrial Control Systems, SCADA systems and the associated networking and communication protocols.</li><li>In-depth knowledge of security frameworks, such as NIST, ISA/IEC 62443, and ISO 27001.</li><li>Good understanding of OT network architectures.</li><li>Experience in conducting risk assessments and vulnerability testing.</li><li>Knowledge of critical infrastructure cyber regulations</li><li>Knowledge of OT security solutions (Claroty, Nozomi, CyberX, Tenable etc.) is an asset.</li><li>Knowledge of IoT standards and protocols is a plus.</li></ul><p></p>