Job Title: Cybersecurity SME
Location: Qatar

Role Overview:

The Cybersecurity Subject Matter Expert (SME) will be responsible for leading the development, design, and implementation of robust cybersecurity controls and systems for Industrial Control Systems (ICS) and IT/OT environments in accordance with the client's standards, national regulations, and international best practices. The SME will work closely with internal teams, vendors, contractors, and stakeholders throughout the EPIC phase and beyond, ensuring compliance, effectiveness, and resilience of cybersecurity solutions.

Key Responsibilities:

1. Cybersecurity Review & Workshop Leadership

   • Lead and facilitate cybersecurity design and review workshops.

   • Align proposed solutions with reference architecture and security requirements.

2. Cybersecurity Requirements Design

   • Develop cybersecurity input aligned with project specifications and Procurement Language (QSDL-ITP-018).

   • Design comprehensive security controls covering IAM, system/network hardening, monitoring, patch management, malware protection, business continuity, etc.

3. Documentation & Compliance

   • Prepare solution designs, technical clarifications, and Bills of Materials (BoM).

   • Ensure all cybersecurity designs meet Information Security Standards, QNISS v3.1, Shell DEP 32.01.20.12, and ISA/IEC 62443.

4. Testing & Assessment

   • Define and document cybersecurity testing requirements for FAT, SAT, and operational phases.

   • Support risk and vulnerability assessments, penetration testing, and risk treatment plans.

5. Incident Management & Awareness

   • Participate in Information Security Audits, Awareness Campaigns, and ISIRT activities.

   • Report and escalate suspected security incidents promptly.

6. System Design & Hardening

   • Develop network architecture diagrams, traffic flows, and data flow maps for ICS networks (ISA-95, multi-tier architecture).

   • Specify system hardening measures (e.g. port disabling, OS/software minimization, account lockdowns).

7. Security Control Enforcement

   • Implement controls for identity/access management, user policies, and secure credential handling.

   • Ensure integration of log management, asset inventory, backup/restore, anomaly detection, patching, etc.

8. Technical Justification & Exceptions

   • Prepare compliance tables and exception requests for deviations from mandatory standards.

   • Recommend compensating controls or risk mitigation strategies for non-compliant items.

9. Lifecycle Security Management

   • Maintain procedures for the deployed solutions and ensure ongoing security control effectiveness.

   • Support post-deployment cybersecurity updates across brownfield and new facilities.

Minimum Requirements:

Education:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.

Experience:

• Minimum 15+ years in cybersecurity or IT security roles, ideally within industrial/OT/ICS environments.

• Proven experience in:

  • ICS cybersecurity compliance and architecture design.

  • Network segmentation and secure ICS/OT systems (DCS, ESD, FGS, PCS).

  • Leading cybersecurity workshops and risk reviews in Oil & Gas or Energy sectors.

Certifications (preferred but not mandatory):

• CISSP, CISM, CEH, GICSP, or equivalent cybersecurity credentials.

Technical Skills:

• Familiarity with Qatar National ICS Security Standard (QNISS), QSDL-ITP-017/018, ISA/IEC 62443, and Shell DEP.

• Experience with cybersecurity tools for vulnerability scanning, log management, identity management, etc.

• Strong knowledge of system hardening, secure architecture, and cybersecurity testing.

Soft Skills:

• Excellent written and verbal communication.

• Strong leadership, collaboration, and stakeholder management skills.

• Able to handle compliance documentation and present technical designs effectively.