Senior Officer, Business Conduct Assurance (IT)

Summary of the Role:

The Senior Officer Business Conduct Assurance (IT/OT) plays a critical role in evaluating the cybersecurity, resilience and compliance of Industrial Controls Systems and IT infrastructure.

Key Roles:

Develop annual plan, finalize Key Risk Areas to be verified - based on latest 5-year ADNOC Offshore Business Plan, Level 1 KPIs, Previous Verification Findings, Risk Register etc.

Lead and manage ICS/OT & IT Compliance Verifications:

Review system hardening configurations for controls systems and IT infrastructure.

Validate network segmentation and firewall configuration across IT-OT interfaces, DMZ zones and remote access points.

Verify user access controls, including role based access, shared account usage and password policies.

Assess backup and recovery mechanisms for both OT & IT.

Examine logging and monitoring configurations to ensure critical ICS and IT events are captured in SIEM / centralized logs.

Review vulnerability management processes, including scan coverage, remediation tracking and compensating control deployment.

Confirm adherence to compliance requirements as per NESA, IEC 62443, ISO 27001 and ADNOC cybersecurity governance standards / policies.

Evaluate Incident Response preparedness including availability of site specific IR plans and conducting periodical drills.

Key Challenges:

• Managing complexity of varied ICS and IT systems
• Interfacing across field operations, cybersecurity and Digital Division
• Limited visibility into legacy configurations
• Balancing cybersecurity best practices with operational safety and availability.
  
  

Key Success Factors:

• Ability to identify real world OT risks and provide practical, actionable recommendations.
• Clear & accurate reporting of gaps / findings / verification outcomes
  
  

Commitment to continuous learning and adaptation in evolving IT/ OT environments.

• Gain good understanding of ADNOC Offshore’s ICS/OT systems and IT Landscape.
• Lead & Manage Business Conduct Assurance in the Information Technology domain covering both Digital & Cyber Security (IT Environment) and Operational Technologies (Industrial Control System & SCADA).
• Conduct compliance assurance verification at HQ and all operational sites, develop annual compliance programs & strategy, identify the scope / Key Risk Areas, supervise and manage the external SMEs, analyze the audit outcomes, generate key insights, prepare final audit reports and presentations, conduct trend analysis and provide high level actionable recommendations.
  
  

Contribute to improving verification checklist.

Opportunity to progress into ICS-OT Specialist.

Potential Transition to ICS/OT Risk Management, OT Security Governance & Compliance roles across ADNOC Offshore / ADNOC.

Key Functional Experience:

• 2-5 years of hands on experience with DCS / ICS systems (e.g., Yokogawa, Honeywell, ABB, Emerson etc.) plus exposure to core IT systems (servers, firewalls etc.)
• Experience with ICS/OT audits, IT security configuration reviews and risk assessments.
• Experience in reviewing network / architecture diagrams, firewall rules, system hardening checklists and SIEM alerts.
• Familiarity with compliance standards: UAE Information Assurance Regulation (NESA), IEC 62443, ISO 27001.
  
  

Possible Position Titles in external organizations:

• Cybersecurity Auditor – IT/OT
• OT Compliance Engineer
• IT Risks & Controls Analyst
  
  

Cyber Risk Consultant – Industrial Systems.

Essential Skills

• Strong understanding of ICS/OT architectures (DCS, SCADA, PLC, RTUs) and IT infrastructure (servers, switches, Active Directory)
• Experience in conducting IT / OT compliance verifications
• Working knowledge of UAE Information Assurance Regulation, IEC 62443, ISO 27001 and Internal (Company) security frameworks / policies.
• Ability to review network segmentation, access control, patching status, antivirus configuration baselines across IT/OT
• Report writing skills.
  
  

Desirable Skills

• Certifications: GICSP (Global Industrial Cyber Security Professional), CISSP (Certified Information Systems Security Professional), Certified IEC62443 Cybersecurity Expert, CISA (Certified Information Systems Auditor) or ISO 27001 Lead Auditor.
• Exposure to SIEM / SOC operations
• Familiarity with ICS Security Tools (e.g., Claroty, Nozomi) and IT security platforms (e.g., Splunk, QRadar etc.)
  
  

Minimum Required

• Bachelor’s degree in computer science, system engineering , Instrumentation and Control with at least 8-9 years of experience in IT /OT , preferably in oil and gas industry
• Working knowledge of UAE Information Assurance Regulation (NESA) & ISO 27001 (Information Technology – Security Techniques – Information Security Management Systems – Requirements).
• Working knowledge of IEC 62443 (Security for Industrial Automation and Control Systems).
  
  

27454