Operations and Supply Chain Information Security Manager

Becton Dickinson and   •  

Baltimore, MD

Industry: Healthcare

5 - 7 years

Posted 54 days ago

Job Description Summary

BD is building an industrial control systems (ICS) cybersecurity program to protect its manufacturing and supply chain processes. The goal of the program is to enable BD Operations and Supply Chain (OSC) organizations to become more resilient and agile to cyber-threats by embedding ICS cybersecurity controls (administrative, physical and technical) into their business strategy and operational processes.

The Operations and Supply Chain Information Security Manager will play a key role in the development and implementation of the global ICS cybersecurity program strategy. The individual should possess a strong understanding of cybersecurity, manufacturing and supply chain operations and information technology. This individual will interact on a regular basis with all levels of management and will be responsible for developing strong strategic partnerships with OSC, Global Services - Information Technology (GS-IT), and Global Information Security (GIS) leaders.

This position will be reporting to the Business Information Security Officer for Manufacturing (GIS) with a dotted line to a BD worldwide Operational organization/cluster leader.

Job Description

Responsibilities

  • In conjunction with the company’s OSC, IT and GIS departments, this individual will be responsible for the design and implementation of the architecture, technologies, policies, procedures and best practices for maintaining the security of the information and ICS assets used in operational activities in a manner that adheres to both internal and industry security standards.
  • In addition, the Operations and Supply Chain Information Security Manager will be responsible for the continuous improvement of the ICS cybersecurity program to protect the availability, integrity and confidentiality of resources essential to the company’s operational processes.
  • Responsible for the management and adoption of the ICS cybersecurity program within BD’s Operations and Supply Chain organizations and associated plants worldwide.
  • Responsible for working with management to conduct ICS risk assessments and manage operational cybersecurity risks. Communicate identified cybersecurity risks so operational leaders are making informed risk decisions.
  • Educate decision makers in OSC, IT and GIS on operational risk to change behaviors and practices that put the company at risk.
  • Responsible for working with operational automation and process engineering, information security and IT leads in plant locations worldwide to actively manage operational cybersecurity risks according to the above. Under guidance of the Business Information Security Officer for Manufacturing, surface risk to appropriate decision makers.
  • Utilizing resources from OSC, Global Services (including IT) and GIS teams for support, guidance and partnership to: design and implement the architecture, technologies, policies, procedures and best practices for maintaining the security of the information and ICS assets used in operational activities in a manner that adheres to both internal and industry security standards.
  • Educate decision makers in OSC, IT and GIS on operational risk to change behaviors and unsecure practices that put the company at risk.
  • The nature of the role requires the ability to influence peers, leaders, and subordinates to provide information and expertise to other units for the benefit of the overall organization.

Qualifications

  • A strong understanding of cybersecurity principles with knowledge of manufacturing processes, process controls and technology, including Programmable Logic Controllers (PLC), Manufacturing Execution Systems (MES), IT and network architecture, security processes and tools.
  • At least 5-7 years of experience in IT/Information Security and/or manufacturing operations management across multiple disciplines.
  • Knowledge of ICS Cyber Security standards such as NIST, ISA 62443 and NERC CIP.
  • Demonstrated ability to create/execute standards-based programs.
  • Knowledge of the manufacturing environment. This includes the hardware, software, procedures and best practices.
  • Strong project management skills and the ability to manage key business and other stakeholder relationships.
  • Bachelor’s degree in IT, EE or equivalent technical field and/or relevant industrial experience is required.
  • Significant knowledge of data security standards, hardware, software and practices.
  • Knowledge of the current Industrial Control Systems standards being used in industry.
  • Demonstrated ability to operate in a matrixed environment leading by influence and expertise exercised on a platform of risk-transparency in business decision making.
  • Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organization.
  • Self-motivated individual with ability to operate independently.
  • Strong critical thinking and analytical skills.

Preferred

  • Master’s or higher-level education preferred.
  • Preferred certifications in security, operations, supply chain, manufacturing and/or audit (e.g., CISSP, GICSP, LEAN, Six Sigma, Supply Chain, CISM).