BISO - Manufacturing, Operations & Enabling

AstraZeneca, Gaithersburg, MD
Hybrid

About The Position

This role serves as AstraZeneca’s primary strategic cybersecurity partner for regulated manufacturing environments and enterprise business applications. The position focuses on safeguarding digital operations to protect product quality, patient safety, financial integrity, and business continuity. The individual will represent the CISO, lead engagement, and deliver cybersecurity risk and resilience outcomes. Key responsibilities include guiding security priorities for operational technology (OT), manufacturing execution systems (MES), and enterprise SaaS platforms like Workday, SAP, Coupa, and Concur, while balancing production realities with cloud/SaaS innovation to achieve inspection-ready results.

Requirements

  • 10+ years of experience in information security positions
  • 5+ years' experience overseeing an information security function and influencing senior business/IT stakeholders
  • Demonstrated experience securing both manufacturing/operational technology environments and enterprise business applications
  • Strong familiarity with multiple regulatory and compliance frameworks including GMP/GxP and computerized system validation (pharmaceutical manufacturing), financial controls and SOX compliance (Finance), data privacy regulations (GDPR), and electronic records/signatures regulations
  • Proven ability to design and operationalize security controls appropriate to diverse environments—industrial security architecture for manufacturing systems and cloud-native security patterns for enterprise SaaS platforms
  • Hands-on experience securing manufacturing technology systems (operational technology, industrial control systems, manufacturing execution systems) including segmentation, secure remote access, and controls appropriate for high-availability production environments
  • Hands-on experience securing enterprise SaaS and cloud platforms, including identity and access management, data protection, integration security, and vendor risk management for major enterprise applications (experience with Workday, SAP, or similar platforms highly desirable)
  • Working knowledge of relevant industrial control system security standards (ISA/IEC 62443, NIST SP 800-82) and enterprise security frameworks (NIST CSF, ISO 27001/27002, CIS Controls)
  • Experience running risk-based vulnerability management across diverse technology stacks—from manufacturing systems with patching constraints to enterprise SaaS platforms with continuous update models
  • Understanding of global incident response processes with experience adapting containment and recovery approaches to both manufacturing constraints and business continuity requirements
  • Experience managing cyber risk across diverse supplier types including equipment manufacturers, systems integrators, SaaS providers, cloud platforms, and business service providers
  • M&A security experience: Familiarity with cybersecurity due diligence, integration security planning, and post-merger technology risk management is highly desirable
  • Demonstrated ability to apply emerging technologies including AI/automation to improve cybersecurity and operational outcomes
  • Strong written and verbal communication skills, with proven ability to present complex technical information to both technical and non-technical audiences
  • Proven ability to manage competing priorities and drive outcomes across multiple business areas
  • Executive presence and influence: Ability to build trusted relationships and influence decision-making across diverse stakeholder groups
  • Bachelor's degree in science or relevant technical field of study

Nice To Haves

  • Master's degree preferred
  • Professional certifications such as CISSP, CISM, CISA, or equivalent
  • Prior experience in pharmaceutical or other highly regulated manufacturing environments with computerized system validation
  • Experience leading security integration in post-merger environments and large-scale technology transitions
  • Track record of implementing AI/automation in security operations, policy enforcement, or risk reporting at scale

Responsibilities

  • Serve as the lead security partner to Manufacturing Operations IT and Enabling Units IT leadership, shaping governance forums to drive risk-based decisions, clear accountability, and visible security outcomes.
  • Guide architects to define layered security approaches, including industrial security architecture for plants and cloud-native controls for enterprise SaaS.
  • Lead security for operational technology, industrial control systems, and manufacturing execution systems, implementing segmentation, secure remote access, and privileged access practices.
  • Drive security consulting and risk management for enterprise platforms (Workday, SAP, Coupa, Concur), covering identity and access management, data protection, integration security, privileged access governance, and vendor assurance.
  • Embed controls aligned to GMP/GxP, computerized system validation, financial controls (SOX), data privacy (GDPR), and due diligence requirements for Legal and M&A.
  • Ensure security improvements align with validation and change control processes, maintaining production continuity and business operations.
  • Establish comprehensive inventories and risk-based vulnerability management across manufacturing technology and SaaS/cloud platforms.
  • Secure data flows from shop-floor to enterprise and across business applications with strong identity controls, logging, monitoring, and resilience patterns.
  • Strengthen supplier risk management for automation vendors, equipment manufacturers, SaaS providers, cloud platforms, and business service partners.
  • Collaborate with security operations and business teams to create environment-specific playbooks, run tabletop exercises, and improve recovery readiness.
  • Maintain evidence aligned to GMP expectations and audit requirements for financial controls, SOX, data privacy, and M&A due diligence.
  • Build risk dashboards and KPIs spanning both portfolios and drive measurable improvement over time.
  • Tailor cybersecurity culture and training for operations/engineering/site roles and for Finance, HR, Legal, GBS, and M&A users.
  • Lead and coach a high-performing team, setting clear goals tied to risk reduction and resilience.

Benefits

  • Short-term incentive bonus opportunity
  • Equity-based long-term incentive program (salaried roles)
  • Retirement contribution (hourly roles)
  • Commission payment eligibility (sales roles)
  • Qualified retirement program (401(k) plan)
  • Paid vacation and holidays
  • Paid leaves
  • Health benefits including medical, prescription drug, dental, and vision coverage