1. Represent the firm as a Subject Matter Expert in ICS/DCS/OT Cyber Security and
other Technologies pertaining to the automation of Oil & Gas and Utilities Operations,
2. Perform Risk Assessment on client's ICS/DCS/OT systems, people, and processes
based on UAE National IA, NERC, or NIST Standards
3. Collect data from hosts, servers, HMIs, network and security devices as part of the
technical vulnerability assessment activities at Client's sites and create a
comprehensive Asset Management Inventory Register for all mission-critical assets.
4. Perform Business Impact Analysis (BIA) to determine the impact of cyber threats and
vulnerabilities on the critical ICS/DCS/OT functions and subsequently on Clients
5. Interview facility personnel and conduct technical discussions to identify gaps against
NESA IA Controls as the first phase of the UAE's National Cyber Risk Management
Framework (NCRMF) lifecycle
6. Identify the sources of vulnerability and the attack surface of the in-scope systems,
and quantify the risk posture of the facility; develop a gap analysis of People,
Architecture and Technology against industry standards, and internal specifications.
7. Analyze the findings against NESA IA Controls to determine risk levels resulting from
each of the identified gaps,
8. Develop Audit Report and CII Operator Report per site to provide the findings of the
assessment, including risk treatment options leading to a Risk Treatment Plan with
prioritized security control measures based on NESA's Policy and Standard,
9. Create Security Roadmap for addressing the identified risks and implementing
quick-wins and the priority controls with estimated timeframe and cost-benefit analysis,
10. Lead the implementation of NESA P1 and P2 Controls in Client's ICS/DCS/OT
environment, refine the existing or create new policies, processes, standards and
guidelines in compliance with NESA requirements,
11. Manage cyber security risk vulnerability including the hardening of existing and new
ICS/OT technologies in terms of architecture, design validation, and systems
12. Analyze and recommend risk-based mitigation actions, participate in design reviews,
witness FAT/SAT and security compliance assessments.
13. Plan and conduct on-site ICS/DCS/OT cyber security awareness sessions for Client's
OT staff awareness on cyber threats, protection measures, NESA IA Standard, and
Client's security policies and processes,