IT Security Manager providing operational leadership for ICBC’s IT security program. Enhancing cyber security practices and managing security initiatives in a dynamic, hybrid cloud environment.
About the role
- Senior Manager overseeing cybersecurity strategies in the MedTech Supply Chain for APAC region at Johnson & Johnson. Focus on enhancing security posture and compliance for manufacturing and distribution sites.
Responsibilities
- Champion a Secure-by-Design approach with stakeholders to embed security capabilities and services within business initiatives.
- Perform cybersecurity risk assessments of IT and OT assets within the manufacturing and distribution sites.
- Drive the OT cybersecurity capability adoption across sites to secure IT and OT assets and enable safe & secure innovation.
- Provide tailored security guidance (based on risk and complexity) by interpreting and applying the internal cybersecurity policy requirements and standards for innovative IT and OT initiatives.
- Partner with security, business, and technology teams to identify, assist with the creation of mitigation and remediation plans, and track the closure of cybersecurity risks.
- Provide regular cybersecurity posture updates to business, function, site leadership and regional teams.
- Create site-specific cybersecurity roadmaps to provide input into the cybersecurity business planning process and improve the cybersecurity posture of the sites.
- Promote the importance of cybersecurity across the region and sites.
- Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and be the liaison with central investigation teams.
- Drive business understanding of critical cybersecurity regulations and ensuring solutions are compliant (CPC, NIST, NIS2, Safe Data, Zero Trust, etc.).
- Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.
- Provide audit support as the liaison between corporate audit functions from pre-work to consulting remediation plans.
- Interpret gaps identified by the Third-Party Risk Management team and collaborate with business and technology stakeholders to ensure vendors remediate the gaps identified.
- Enhance Application Security used within the region by interpreting internal security and regulatory requirements such as Sarbanes–Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), European Union Network and Information Security 2 (NIS2), China's Cybersecurity Law (CSL), etc.
Requirements
- 8+ years of related experience in leadership and execution roles within Cybersecurity or Risk Management
- Bachelor’s degree in computer science, information technology, business administration, or another rigorous discipline is required
- MBA preferred
- 6+ years of hands-on experience in delivering technology; and cybersecurity design and capabilities required
- Direct working and/or supporting experience of Supply Chain applications and China Cybersecurity Law compliance is required
- Understanding of IEC 62443, NIST 800-53, and 800-82 required
- Ability to independently complete tasks accurately and thoroughly is required
- Strong understanding of security data protection and capabilities in a manufacturing and/or distribution site is required
- Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross-functionally and globally, establishing oneself as an inspiring leader with expertise in space
- Certifications in cybersecurity (CISM, CISSP, GICSP, ISA-62443), audit (CISA), manufacturing, or risk management (CRISC) are preferred.
- Strategic mindset to develop capability roadmaps that will enable proactive reliability through data & automation.
Benefits
- Health insurance
- Competitive salary
- Professional development opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Security Officer ensuring safety and security of Yankee Candle assets and personnel. Responsiblities include monitoring, patrols, incident response, and safety training at the corporate campus.
Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within BFSI context.
Cloud Security & Application Security Engineer at Cellulant enhancing security across cloud - native platforms and applications. Working in a hybrid role to support a leading payment service provider in Africa.
IT Audit Consultant joining Baker Tilly to manage technology risks for clients, offering strategic advice and audit support. Engaging with client executives to ensure compliance and operational efficacy.
Senior Health and Safety Advisor overseeing health and safety on construction projects for Aecon. Ensuring compliance with SST legislation and promoting zero accident culture.
Experienced Information Security Officer at Daikin responsible for defining Information Security strategy and ensuring compliance with regulatory frameworks. Collaborating with external specialists and mentoring junior team members in EMEA.
Senior Information Security Specialist executing Daikin Europe’s Information Security strategy. Collaborating with leadership to ensure our systems and services remain secure and compliant with regulations.
Information System Security Officer ensuring security controls and risk mitigation in Aerospace. Collaborating with teams to assess threat landscapes and guide clients with actionable plans.
Cyber Security Architect at Booz Allen supporting program management of cybersecurity tools suite and Zero Trust Architecture roadmap. Lead technical efforts in modern security practices and team collaboration.