About the Role
Air Products is seeking a highly experienced NGHP Cybersecurity Manager to serve as the overall technical authority for Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity for the NEOM Green Hydrogen project in the Kingdom of Saudi Arabia. This role is accountable for developing and executing the OT/ICS cybersecurity compliance strategy, managing integrated testing, and leading a team of cybersecurity professionals to achieve compliance with Saudi Arabian permitting authorities. The Cybersecurity Manager will drive the end-to-end cybersecurity scope of the project, focusing on proof-of-compliance, closure of design gaps, and implementation of cyber-risk assessment recommendations. This position requires strong cross-functional leadership, interfacing with Project Management, Process Controls, Digital Technology, Vendors, Sub-Contractors, consultants, and the end-customer, NEOM Green Hydrogen Company.
At Air Products, we foster an environment where every voice is heard and everyone belongs, creating solutions that support groundbreaking projects and enable a cleaner future.
Key Responsibilities
- Revisit and strategize the implementation of the project cyber compliance roadmap, aligning with NCA ECC/OTCC, HCIS Sec-12, and Facility Owner’s policies.
- Chair cyber oversight committee meetings, drive decisions on technology adoption, and ensure the cybersecurity scope is implemented to meet project needs and facilitate successful operations.
- Identify the scope matrix, test plan, and procedures for the project scope, and maintain readiness for delivery and Stage-4 submission.
- Ensure comprehensive oversight and execution of the cybersecurity scope for all Digital Technology (DT) and Plant Computing systems, coordinating with relevant teams to validate the effective implementation and maintenance of security controls, compliance measures, and risk mitigation strategies.
- Review and approve Proof of Compliance (PoC) documents from vendors, sub-contractors, and the EPC team prior to submission to the Facility Operator and Consultant.
- Lead the closure of Cyber Risk Assessment recommendations and ensure the closure of design and contract gaps.
- Oversee the implementation of DMZ engineering, cyber services integration, and hardening procedures at all network layers required for compliance submittals.
- Integrate cyber work packages and prerequisites into the project schedule, ensuring the readiness of the HCIS Stage-4 milestone aligns with project commissioning and start-up milestones.
- Define and maintain the deliverable list and proof of compliance, verifying them before transmittal to the Facility Operator/Customer.
- Publish and maintain all required OT/ICS cybersecurity related plans and procedures in the capacity of the EPC Contractor and Integrator.
- Lead vendor and sub-contractor coordination for their delivery of respective OT/ICS cybersecurity scope, including validation, punch closure, and turnover for commissioning and start-up.
- Actively pursue technical rigor to ensure consistency in technical solutions, facilitating ease of maintenance of project assets upon handover to the Facility Operator (NGHC).
- Ensure proper handover and handoff to the facility operator, including necessary training as identified and aligned in the cyber oversight committee.
- Liaise with Air Products Subject Matter Experts (SMEs) to resolve technical issues.
- Maintain alignment with the cross-functional team and advise on schedule, budget impacts, and change orders.
- Conduct site engagement during the pre-commissioning, commissioning, and CSAT phases of the project.
Qualifications and Requirements
- Bachelor’s degree in Engineering (Electronics/Instrumentation/Automation preferred) or equivalent.
- Advanced ICS/OT cybersecurity qualifications, including ISA/IEC 62443 and NIST CSF.
- 15+ years of leadership experience in ICS/OT cybersecurity on CNI-class facilities, with a strong preference for experience in the Kingdom of Saudi Arabia.
- Proven track record of delivering projects through HCIS Stage-4 compliance.
- Deep understanding of ICS architectures (BPCS/SIS/SCADA), DMZ (*******, segmentation, firewalls, Panorama, SIEM/Splunk, USB gateway, Nozomi, MFA/jump-host, and RBAC.
- Strong cross-functional interface background with Process Controls (PCE) and DT/Plant Computing.
- Working experience with KSA regulations such as NCA ECC-1:2018, OTCC-1:2022, and cybersecurity aspects outlined by SAIS.
- Technical fluency in DMZ design, firewall management (Panorama), SIEM/logging, anomaly detection, endpoint controls, and evidence workflows.
- Proficiency in documentation, including CSAT/PoC packs, Aconex/OT workflows, checklists, inventories, and ensuring submission quality.
- Evidence of delivering KSA ICS / OT Cybersecurity regulatory compliance projects is a strong plus.
- Preferred certifications include ISA/IEC 62443 Cybersecurity Expert, CISSP/CCSP, GIAC ICS, or any vendor-specific security certifications (Palo Alto, Splunk).
Required Skills
- OT/ICS Cybersecurity
- NCA ECC/OTCC
- HCIS Sec-12
- Proof-of-Compliance
- Cyber Risk Assessment
- DMZ Engineering
- Cyber Services Integration
- Hardening Procedures
- Project Schedule Integration
- Vendor and Sub-contractor Coordination
- Technical Rigor
- Handover and Handoff Procedures
- Cross-functional Team Alignment
- Schedule and Budget Impact Analysis
- Change Order Management
- ICS Architectures (BPCS/SIS/SCADA)
- DMZ (*******
- Segmentation
- Firewall Management (including Panorama)
- SIEM/Splunk
- USB Gateway
- Nozomi
- MFA/Jump-host
- RBAC
- Process Controls (PCE)
- DT/Plant Computing
- KSA Regulations (NCA ECC-1:2018, OTCC-1:2022, SAIS)
- DMZ Design
- SIEM/Logging
- Anomaly Detection
- Endpoint Controls
- Evidence Workflows
- CSAT/PoC Packs
- Aconex/OT Workflows
- Checklists
- Inventories
- Submission Quality
- ISA/IEC 62443 Cybersecurity Expert
- CISSP/CCSP
- GIAC ICS
- Palo Alto Security
- Splunk Security
Work Environment and Location
This is a full-time position. The primary office base is the project site office in Duba, KSA. The role requires frequent travel to PWE sites and vendor locations. The work schedule follows an 8 Weeks ON / 2 Weeks OFF rotation.
