BISO - Manufacturing, Operations & Enabling

AstraZeneca, Gaithersburg, MD
Hybrid

About The Position

This role serves as AstraZeneca’s primary strategic cybersecurity partner across two critical portfolios: regulated manufacturing environments and enterprise business applications. The position involves safeguarding digital infrastructure to protect product quality, patient safety, financial integrity, and business continuity. The individual will represent the CISO, lead engagement, alignment, and delivery of cybersecurity risk and resilience outcomes, and guide security priorities for operational technology, manufacturing execution systems, and enterprise SaaS platforms like Workday, SAP, Coupa, and Concur. The role requires balancing 24/7 production realities with cloud/SaaS innovation to achieve measurable, inspection-ready results.

Requirements

  • 10+ years of experience in information security positions
  • 5+ years' experience overseeing an information security function and influencing senior business/IT stakeholders across diverse technology environments
  • Demonstrated experience securing both manufacturing/operational technology environments and enterprise business applications, with ability to translate operational and business realities into effective cybersecurity controls
  • Strong familiarity with multiple regulatory and compliance frameworks including GMP/GxP and computerized system validation (pharmaceutical manufacturing), financial controls and SOX compliance (Finance), data privacy regulations (GDPR), and electronic records/signatures regulations
  • Proven ability to design and operationalize security controls appropriate to diverse environments—industrial security architecture for manufacturing systems and cloud-native security patterns for enterprise SaaS platforms
  • Hands-on experience securing manufacturing technology systems (operational technology, industrial control systems, manufacturing execution systems) including segmentation, secure remote access, and controls appropriate for high-availability production environments
  • Hands-on experience securing enterprise SaaS and cloud platforms, including identity and access management, data protection, integration security, and vendor risk management for major enterprise applications (experience with Workday, SAP, or similar platforms highly desirable)
  • Security standards and frameworks: Working knowledge of relevant industrial control system security standards (ISA/IEC 62443, NIST SP 800-82) and enterprise security frameworks (NIST CSF, ISO 27001/27002, CIS Controls), with ability to apply appropriate controls to each environment
  • Experience running risk-based vulnerability management across diverse technology stacks—from manufacturing systems with patching constraints to enterprise SaaS platforms with continuous update models
  • Understanding of global incident response processes with experience adapting containment and recovery approaches to both manufacturing constraints (safety, quality, uptime) and business continuity requirements (financial close, payroll, procurement)
  • Experience managing cyber risk across diverse supplier types including equipment manufacturers, systems integrators, SaaS providers, cloud platforms, and business service providers, including enforceable minimum controls and ongoing assurance
  • M&A security experience: Familiarity with cybersecurity due diligence, integration security planning, and post-merger technology risk management is highly desirable
  • Demonstrated ability to apply emerging technologies including AI/automation to improve cybersecurity and operational outcomes while protecting sensitive data and maintaining human oversight
  • Strong written and verbal communication skills, with proven ability to present complex technical information to both technical and non-technical audiences, including manufacturing site leaders, finance executives, HR leadership, legal counsel, and global IT
  • Proven ability to manage competing priorities and drive outcomes across multiple business areas with different risk profiles, regulatory obligations, and operational constraints
  • Executive presence and influence: Ability to build trusted relationships and influence decision-making across diverse stakeholder groups with different business priorities and technical maturity levels.
  • Bachelor's degree in science or relevant technical field of study

Nice To Haves

  • Master's preferred.
  • Professional certifications such as CISSP, CISM, CISA, or equivalent.
  • Prior experience in pharmaceutical or other highly regulated manufacturing environments with computerized system validation.
  • Experience leading security integration in post-merger environments and large-scale technology transitions.
  • Track record of implementing AI/automation in security operations, policy enforcement, or risk reporting at scale.

Responsibilities

  • Serve as the lead security partner to Manufacturing Operations IT and Enabling Units IT leadership, shaping governance forums to drive risk-based decisions, clear accountability, and visible security outcomes across both portfolios.
  • Guide architects to define layered security approaches suited to each environment—industrial security architecture for plants and cloud-native controls for enterprise SaaS—so that controls are effective, pragmatic, and scalable.
  • Lead security for operational technology, industrial control systems, and manufacturing execution systems, implementing segmentation, secure remote access, and privileged access practices that respect validation and uptime requirements.
  • Drive security consulting and risk management for Workday, SAP, Coupa, Concur and other enterprise platforms, covering identity and access management, data protection, integration security, privileged access governance, and vendor assurance.
  • Embed controls aligned to GMP/GxP and computerized system validation in manufacturing, financial controls and SOX for Finance, GDPR for employee data, and due diligence requirements for Legal and M&A—demonstrating audit- and inspection-ready evidence.
  • Ensure security improvements align to validation and change control processes, with impact assessments, documentation, and compensating controls that maintain production continuity and business operations.
  • Establish comprehensive inventories and risk-based vulnerability management across both manufacturing technology and SaaS/cloud platforms, reducing critical exposures while respecting patching and update constraints.
  • Secure data flows from shop-floor to enterprise and across business applications (HR-to-Finance, procurement-to-payment), with strong identity controls, logging, monitoring, and resilience patterns.
  • Strengthen supplier risk management for automation vendors, equipment manufacturers, SaaS providers, cloud platforms, and business service partners through enforceable minimum controls, ongoing assurance, and secure support models.
  • Collaborate with security operations and business teams to create environment-specific playbooks, run tabletop exercises, and improve recovery readiness for production-critical and business-critical services.
  • Maintain evidence aligned to GMP expectations and audit requirements for financial controls, SOX, data privacy, and M&A due diligence to ensure continual readiness.
  • Build risk dashboards and KPIs spanning both portfolios—segmentation coverage, remote access compliance, critical exposure reduction, SaaS posture, identity governance maturity, recovery readiness—and drive measurable improvement over time.
  • Tailor cybersecurity culture and training for operations/engineering/site roles and for Finance, HR, Legal, GBS, and M&A users, enabling role-appropriate security practices and shared ownership of risk.
  • Set clear goals tied to risk reduction and resilience, coach for performance, and create an environment where consultants and analysts thrive and deliver tangible outcomes.

Benefits

  • qualified retirement program [401(k) plan]
  • paid vacation and holidays
  • paid leaves
  • health benefits including medical, prescription drug, dental, and vision coverage
  • short-term incentive bonus opportunity
  • eligibility to participate in our equity-based long-term incentive program (salaried roles)
  • eligibility to receive a retirement contribution (hourly roles)
  • commission payment eligibility (sales roles)