Lead the design, implementation, operation and maintenance of the information security technologies.
- Develop a risk-based cyber security program which meets regulatory requirements and aligns with industry leading information security practices for manufacturing security while applying technical knowledge to protect Edwards against manufacturing cyber threats (e.g., knowledge of firewalls, intrusion detection and prevention systems, data loss prevention solutions, endpoint protections, log aggregation technology and other leading-edge security technologies).
- Develop strategies, policy and standards to protect company information and technology assets for manufacturing sites.
- Provide security architecture support for the manufacturing business. Perform threat identification and mitigation activities using industry-leading security controls and tool sets. Advance Edwards' manufacturing cyber threat and vulnerability management program to ensure consistent identification, analysis, response, and monitoring of cyber security threats, events, and vulnerabilities.
- Collaborate with business units, application development teams, and third-party vendors to achieve program requirements while enabling the business. Facilitate cross team coordination to achieve defined security goals as well as meet technical requirements in support of detailed implementation plans for security projects. Manage manufacturing security projects to ensure the timely, on budget, and effective implementation of cyber security improvements that are operationally supported with validation methods in place to measure effectiveness.
- Perform assessment of cyber security incidents to identify the root cause, respond, and recover the environment.
- Incidental Duties
Education & Experience:
- Bachelor's Degree or Equivalent in related field with 8 years of previous related experience required
- Certifications in related discipline (e.g., CISSP) preferred
- Direct experience supporting security architecture, security engineering or security operations in various security domains such as network security, endpoint security, identity and access management, incident response, vulnerability management
- Experience with developing security strategies, policies, control standards and risk assessment methodologies
- Experience providing security architecture support for manufacturing IT/OT environments and solutions
- Experience in the medical device or pharmaceutical sectors
- Recognized as an expert in own area within the organization while applying broad-based technical expertise and has full knowledge of other related disciplines
- Expert knowledge of industry standards and frameworks specific to ICS and manufacturing security (e.g. NISTIR 8183, ISA/IEC 62443).
- Expert knowledge in valuing and implementing industry standards such as ISO 27001/2, SOC 2, NIST CSF, HITRUST and FedRAMP Information Security standard.
- Expert knowledge of national and international regulatory compliance and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
- Excellent organization and time management skills
- Excellent verbal and written communication skills and customer-focused skills
- Experience drafting technical documentation
- Strict attention to detail
- Ability to interact professionally with all organizational levels and proactively escalate issues to appropriate levels of management in the organization
- Ability to manage competing priorities in a fast-paced environment
- Adhere to all EHS rules and requirements and take adequate control measures in preventing injuries to themselves and others as well as to the protection of the environment and prevention of pollution under their span of influence/control