|
Job title
|
Expert Cybersecurity
|
Grade
|
|
|
Stream
|
PT&C
|
Function
|
IDS & CI
|
|
Location
|
Oman
|
Budget control
|
*OPEX and/or CAPEX and/or Revenue amount as relevant*
|
|
Reporting to
|
VP IDS & CI
|
Direct reports
|
1
|
|
Job purpose
Lead the strategic direction, operational execution, and continuous strengthening of OQEP’s cybersecurity posture across both IT and OT environments. The role ensures that enterprise systems, operational assets, cloud platforms, and business applications are safeguarded against evolving cyber threats while enabling a secure, scalable, and compliant digital transformation for the company.
As the organization’s cybersecurity authority, the Cybersecurity Manager defines security strategy, oversees end-to-end security operations, and implements robust policies, processes, and controls to protect OQEP’s digital ecosystem. This includes managing security teams and vendors, driving proactive threat management, leading incident response capabilities, ensuring regulatory and standards compliance, and optimizing the cybersecurity technology landscape and budget.
The role acts as the technical custodian of cyber risk governance—aligning all security activities with OQEP’s Mission, Vision, Values, and national regulatory obligations, while embedding international best practices such as ISO 27001, NIST CSF, ISA/IEC 62443 for OT, and oil & gas sector cybersecurity standards.
|
|
Main Tasks and Responsibilities
- A. Cybersecurity Governance. Risk & Compliance
- Develop, update, and enforce cybersecurity policies, standards, and procedures aligned with OQEP governance frameworks, ISO 27001, NIST, and Oman regulatory requirements.
- Lead internal/external audits, risk assessments, and compliance reviews for both IT and OT domains.
- Maintain cybersecurity KPIs, KRIs, dashboards, and compliance reporting for IDS leadership.
- Oversee vendor and third-party security assurance aligned with OQEP procurement and contractual requirements.
- Support regulatory submissions and compliance with national cybersecurity mandates.
- B. Threat Management & Incident Response
- Lead incident detection, triage, containment, eradication, and forensic investigation.
- Conduct post-incident reviews, lessons learned and implement corrective/preventive actions.
- Coordinate with the OQ Corporate SOC and operational security teams to ensure readiness, threat hunting, and proactive defense measures.
- Maintain and continuously improve OQEP’s incident response playbooks and escalation procedures.
- C. Security Architecture & Technology Controls
- Review and approve security architecture for new systems, cloud services, OT systems, and enterprise applications.
- Design and optimize technical controls:
Firewalls | EDR/XDR | SIEM | SOAR | IAM | PAM | DLP | Network Segmentation | OT Security Controls
- Lead vulnerability management activities and ensure timely remediation with IT/OT teams.
- Support secure integration between OQ Corporate shared services and OQEP business systems.
- Ensure secure system configurations, hardening, and baseline enforcement across environments.
- D. Identity, Access & Data Protection
- Oversee identity and access management (IAM) lifecycle and ensure least-privilege enforcement.
- Implement data protection frameworks including encryption, tokenization, DLP, and data classification.
- Ensure privileged access is monitored, controlled, and reviewed regularly.
- E. Awareness, Resilience & Continuous Improvement
- Lead cybersecurity awareness, phishing simulations, and technical upskilling for employees and IT/OT teams.
- Embed cyber risk awareness into OQEP culture through targeted campaigns and workshops.
- Support Business Continuity (BCP), Disaster Recovery (DR), and crisis-management activities.
- Recommend improvements to strengthen overall cyber resilience and readiness.
|
|
Key interactions
Internal: IDS (IT Ops, Architecture, Data), PT&C, HSSE, Assurance, Finance & Procurement, Legal, Operations (IT/OT), Corporate Security Teams, Leadership Teams.
External: OQ Corporate Cybersecurity Services, SOC providers, vendors, OEMs, consultants, regulatory bodies (MEM, CDC, MTCIT), and third-party auditors.
|
|
Notable Working Conditions. Office environment, extensive computer screen use, sporadic visits to operation site.
|
|
Education Requirements
|
Bachelor’s degree in information security, Computer Science, Information Systems, Engineering, or a related field.
|
|
Language
|
Excellent knowledge of written, read, and spoken English (required)
|
|
Background and experience
|
Competencies and skills
|
- Minimum 8+ years of progressive experience in cybersecurity, including:
- Security operations & incident response
- Security architecture & engineering
- Risk & compliance
- Vulnerability management
- IT and OT security exposure (energy sector experience is a strong advantage)
- Experience working in critical infrastructure, oil & gas, telecom, or financial sectors is beneficial.
- Hands-on familiarity with modern security platforms (EDR, SIEM, IAM, PAM, DLP, CASB, etc.).
- Experience collaborating with SOC teams, regulators, and cross-functional stakeholders.
|
Technical Competencies
- Deep understanding of cybersecurity frameworks (ISO 27001, NIST CSF, MITRE ATT&CK).
- Strong knowledge of IT/OT network security, cloud security, and endpoint protection.
- Expertise in vulnerability management, secure configurations, and threat detection.
- Ability to design and review enterprise security architecture.
- Solid understanding of identity, access, and data protection principles.
Soft Competencies
- Strong communication skills (able to simplify complex technical risks for business stakeholders).
- Analytical and problem-solving mindset with attention to detail.
- Ability to influence, collaborate, and build trust across teams.
- High sense of ownership, resilience, and proactive risk management.
- Ability to work under pressure and lead during cyber incidents.
|
