Contracting Program / Project Manager (Feb 2011 - Sep 2015)
The Southern Area Oil Projects Division (SAOPD) was responsible for over $2 billion in projects and their related contracts [up to $200 million each] and change orders; SAOPD had over 125 PM professionals of various divisions. The division handled new facility, facility maintenance, and upgrade projects to:
- Refineries and gas plants including the Abqaiq Plant, the world’s largest oil processing and crude stabilization facility
- Industrial Automation and Process Control Systems [operational technology - OT]
- Plants’ electrical systems and – in one case – power transmission networks as a joint venture with Saudi Consolidated Electric Company (SCECO)
Performed as program manager for all of the Southern Area Oil Projects Division’s (SAOPD) major and minor contracts, as well as a project manager for each individual contract. Supervised a staff of three.
Provided vacation relief for my manager when he was on vacation 6 weeks of the year; as Acting Business Administrator (while still performing Contract Specialist responsibilities) was in charge of approximately 25 personnel, including the functions of Contracting, Cost, Scheduling, Safety, Estimating, Materials and Computer Security Liaison. Also made personnel and budgetary decisions, as well those related to divisional business interfaces with corporate and external stakeholders, including department management and VP of engineering.
Cross-functional relations with multiple disciplines within a full managerial hierarchy, divisional [especially project engineers], corporate, project owners, and contractors as stakeholders. Full-cycle contracting life cycle (CLC) from contract development through bid slate selection, request for proposal (RFP) evaluation, award contract, change order management, vendor dispute to project closeout.
Transferred from Internal Auditing to process re-engineered function out of poor internal controls and fraudulent history. Documented divisional contracting procedures and developed weekly Contracting Status Reports. In subsequent internal audits, no control exceptions were found within my Contracting Unit.
Project manager for:
- Contracts project scheduling – enhanced accuracy and visibility of contracting duration along the critical path by developing a series of MS Project templates for each contract type, working with divisional project scheduler. Templates were provided the input of the RFP data and it calculated the contracting project plan backward to the start of contract development and forward to contract signing. These templates were imported into Oracle Primavera to integrate with the overall project plan.
- Vendor evaluation and capacity planning – imported related datafiles into MS Excel and used Excel macros to prepare the data fields and then Excel’s charting capabilities to visualize data characteristics, MS Access to perform crosstab queries, joining tables by key fields and identifying duplicate and unmatched records. Resulting report identified data integrity problems, inherent weaknesses in the current processes, and report and made recommendations for remediation. The report resulted in an Operational Excellence initiative.
Wrote memos for Project Management SVPs, VPs, Departmental and Divisional Managers; to other functions and contractors, including memos having substantial engineering content.
Senior Info Systems Auditor (Jul 2005 - Jan 2011)
Internal Auditing function had 100 internal auditors and audit managers; the Information Systems Audit Division (ISAD) had 10-15 IT auditors.
As an in-charge auditor, supervised staff of one to five. In-charge or assisted audits in:
Comprehensive audits of systems autonomous from Corporate IT :
- Process Control Systems (PCS) for refineries, gas plants, pipelines, ship ports and docks – from firewall separating corporate and plant PCS operational technology (OT): network architecture and security configuration, vendor applications, control room, electrical systems and UPS, server room, physical security, process interface buildings, compliance with engineering standards.
- Engineering Business Line (EBL) – scientific and technical applications: end-user computing applications to EBL data center and supercomputer center, application development.
- Security Department (SD): facility card reader access system, automated fingerprint information system (AFIS), SD data center, applications development, in-house developed applications.
- Corporate Data Center,
- Firewalls,
- Active Directory and Windows Servers,
- Oracle Database,
- Software licensing agreements (SLAs),
- Law Department Applications,
- Vendor and in-house service level agreements (SLAs).
- International Ship and Port Facility Security (ISPS).
Performed as project manager for implementation of:
- Risk-based auditing, Audit Data Analytics (ADA) and
- Risk-Based Auditing (RBA) initiative, which used Control Objectives for IT and Related Technologies (COBIT) for IT security and controls. Participated in a major fraud investigation on a mega-project.
Acted as an internal consultant to a pre-audit review of mission-critical geographic information systems (GIS), which also hosted the company’s most confidential data on oil reserves. Identified extreme weaknesses security and controls in the ArcGIS software, the only one in the world with powerful functionality that Saudi Aramco needed. Made recommendations to request ArcGIS to make major new security capabilities in their next release; this resulted in enhanced security features for all global ArcGIS customers.
For Policies and Procedures related to IT, Security Department and Engineering Business Lines and for PCS Engineering Standards: reviewed proposed new and revisions and made regular recommendations for their enhancement.
Contributed to the development of each year’s Annual and Five-Year Strategic Plans for the Information Systems Audit Division.
Participated in a fraud investigation at a megaproject (over $1 billion).
