Sr. Director, Information Security - Governance
Job Description Summary
Reporting into the Chief Information Security Officer (CISO), the Sr. Director of Information Security Governance is responsible for developing and aligning cybersecurity risk management and compliance initiatives across company-wide programs, ensuring that information assets and technologies used in BD products, manufacturing, service, enterprise IT, and third-party partners are adequately secure and resilient. The Sr. Director of Information Security Governance is responsible for oversight of BD’s information security policies, procedures and standards, including annual reviews and approvals with cross-functional stakeholders including Enterprise IT, Integrated Supply Chain, R&D and Quality.
This role will also serve as lead for programs and functions within Information Security driving integration and maturity of BD’s Information Security strategy for IT and Manufacturing functions in partnership with Technology & Global Services as well as Integrated Supply Chain respectively. The candidate will also be an active member of the Information Security Leadership Team overseeing company-wide cybersecurity strategy and governance.
The role requires critical thinking and an in-depth understanding of risk management activities, including security risk assessments, remediation planning, identity and access management, policy, and compliance. It also involves ensuring alignment with business strategic plans and adherence to BD’s Information cybersecurity policies for Product Security, IT Security, and Manufacturing Security as applicable to global and local laws and regulations.
Essential Job Functions:
- Drive security risk management processes and ensure consistency of approach, tracking and reporting of high risks across BD
- Lead development of cybersecurity policies and standards relevant to BD environments
- Oversee global cybersecurity compliance and certification programs, including annual re-certifications
- Support and drive the third-party vendor cybersecurity risk management processes working closely with key stakeholders including legal and procurement
- Provide oversight and leadership for remediation activities, including tracking and escalation of risks identified for enterprise IT and manufacturing security. These may include risks identified through internals and cybersecurity risks including risk assessment gaps and external control assessments
- Maintain reporting and accountability of cybersecurity metrics for enterprise IT and Manufacturing Security programs respectively
- Assist with maintenance of maturity assessment and remediation activities
- Establish governance of identities and access management for IT and Manufacturing systems
- Partner with key stakeholders across cross-functional organizations including but not limited to privacy, legal, regulatory, quality and technology global services to support cybersecurity strategies and programs as needed
Education and/or Experience:
A successful candidate will demonstrate leadership capabilities and effectively manage priorities across all levels of the organization. They will have proven risk and program management skills and the ability to lead and influence in a matrix organization.
- A minimum of 5 years of directly related experience with increasingly responsible positions in cybersecurity and three or more years of management experience
- BA/BS in Computer Science or related discipline required, advanced degree preferred
- Certifications such as CISSP and/or CISM are preferred
- Deep knowledge of cybersecurity and risk management frameworks and practices such as ISO 27001 and NIST SP 800-30
- Experience leading audits, risk assessments and communicating with customers with the highest level of discretion and confidentiality
- Able to align and connect business strategies with cybersecurity compliance goals and requirements.
- Ability to communicate complex technical challenges in a non-technical and simplified manner to effectively communicate information to key stakeholders
- Ability to attract, recruit, mentor, and retain high-caliber professionals
“Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status.”
Primary Work Location: USA NJ - Franklin Lakes
Additional Locations: CHE Eysins - Business Park Terre-Bonne, USA MA - Andover, USA MD - Sparks - 7 Loveton Circle
"Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
Anonymous, Franklin Lakes, NJ