Job description

Join EY’s world-leading practice protecting mission critical systems and national critical infrastructure across the GCC and wider MENA region. The role reports to MENA Cyber Security leadership, contributes as a subject matter resource for OT/ICS Cyber Security topics within EY’s Cyber Security Strategy, and entails extensive client travel of 50–80% across GCC/MENA. As a consulting leader, the director supports executives in business development by preparing presentations and designing proposals and solutions for moderately complex projects (and elements of highly complex projects), provides subject matter insight to bids and proposals, creates innovative commercial insights, adapts methods and practices to operational team and cultural needs, contributes to thought leadership, and packages overall project findings into clear, concise, high-quality work products. Engagement delivery responsibilities include leading and delivering DPP and cybersecurity engagements with very minimal supervision; ensuring delivery and quality of final reports; communicating effectively with engagement partners and managers; and building, managing, and motivating high-performing teams. The domain requires solid knowledge of OT and ICS security, strong understanding of the complex and sensitive nature of ICS/SCADA environments, and capability to evaluate cyber risks to SCADA, DCS, Smart Grids, DMS, and ECS system architectures. Technical scope spans ICS/OT products and technologies (including Honeywell, GE, Siemens, ABB), industrial networking protocol security (DNP3, Modbus, Profinet, ZigBee), endpoint OS and Server OS knowledge, OT-capable SIEM and logging/monitoring platforms (Splunk, ArcSight, QRadar), deployment of unidirectional firewalls, host-based firewalls, Anti-Malware, and HIDS in plant/operational environments, awareness of network monitoring platforms (Fidelis XPS, RSA), and endpoint protection tools and hardening (Carbon Black, Symantec, McAfee). The director applies applicable best practices and security standards (NERC-CIP, ISA99/IEC 62443, NIST 800-82, Qatar’s National ICS security standard) and understands plant process systems, plant safety, and plant integrity systems and solutions.