Job ID R-502811 Date posted October 30, 2024

Supplier Cybersecurity Risk Program Manager

Job Description Summary

Reporting to the Director of Supply Chain Resiliency and Customer Excellence, with a dotted line to the Sr. Manager of Third-party Risk and Enterprise Business Continuity, this position is responsible for the execution of supplier cybersecurity programs and projects to proactively manage risk throughout the supplier lifecycle. Activities will include on-boarding due-diligence (including cyber vetting during RFPs), contract language reviews, risk assessments, audit support, and remediation. The role will also support supplier-related cyber incident response and recovery activities, and will help identify gaps and drive programs to achieve procurement and supplier conformity with ethics and compliance responsibilities, including legal, regulatory and privacy compliance.

Job Description

We are the makers of possible 

BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities. 

We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you’ll be supported to learn, grow and become your best self. Become a maker of possible with us. 

This role will be responsible for ensuring that supplier cybersecurity due-diligence requirements are being adopted and followed globally, while working across a highly matrixed environment. In addition, this role will be responsible for the execution of cyber assurance controls for Global Procurement associates and suppliers. This role will help ensure vendor compliance with cybersecurity and privacy policies, contractual information security and data privacy obligations, and applicable cybersecurity regulatory requirements, globally. This role will also inform the overall supplier cybersecurity strategy within the third-party cybersecurity framework.

Within the Global Procurement Supply Chain Resiliency team, this person will collaborate across BD businesses, Global Procurement, Cybersecurity & Digital Risk, R&D stakeholders, Product Security and Integrated Supply Chain (ISC) to promote our security requirements, monitor and support governance activities and maintain compliance with cyber regulations that may impact our information security program. This individual will be responsible for metrics and KPIs consumed by both Global Procurement and the Cybersecurity & Digital Risk (C&DR) teams, and should be comfortable with data analysis and aggregation to drive informed decision making.

This individual is comfortable performing risk assessments to identify gaps in supplier conformance with BD policies, cybersecurity regulatory requirements, and contractual obligations.

The role will be responsible for providing regular program updates to the procurement leadership team as well as the Cybersecurity & Digital Risk (C&DR) team. In collaboration with the Associate Director, Supplier Risk, the role will work extensively with the Procurement supplier-facing organization to ensure the supplier cybersecurity program is deployed and adopted globally.

The role will work with the C&DR team to align on requirements for third-party risk technology providers that supply supplier cyber risk insights. This individual will also be responsible for integrating supplier cyber metrics into Global Procurement's supplier risk model and for ongoing maintenance of key performance indicators for supplier cyber risk. Jointly with the C&DR team, the role will partner with those third-party providers on matters of supplier cyber risk.

This role will also support training activities including educating procurement teams and suppliers as necessary. The role may also prepare and deliver any necessary internal and external communications relative to supplier cybersecurity risk initiatives.

The role will help ensure that proper due-diligence and assessment is performed for new suppliers and for any suppliers acquired through the M&A process.

Breakdown of responsibilities:

40%

Lead program execution for supplier cybersecurity risk management to include:

  • Supplier due-diligence throughout the procurement lifecycle, inclusive of risk triage, assessment, remediation and monitoring

  • Supplier outreach to ensure process adoption and remediation of identified risk

  • Collaborate with C&DR team to align with the overall third-party cyber risk strategy and established information security policies

  • Performing supplier risk assessments to align with due-diligence requirements, using questionnaires and/or third-party vulnerability management platforms

  • Development and maintenance of metrics and indicators

  • Creation, documentation and continuous improvement of third-party risk management processes and procedures to meet internal and external audit requirements

25%

Incident Response and Risk Remediation

  • Support supplier cyber incident response teams with prompt and accurate business relationship and impact data. Serve as the single point of contact into Global Procurement for escalations and incident response team requests

  • Partner with the C&DR team and third-party advisors to track and ensure closure of open remediation activities.

  • Collect and share learnings and continuous improvement ideas resulting from incident and remediation activities

25%

Supplier Ethics and Compliance Management

  • Drive closure to identified ethics, privacy and cybersecurity regulatory compliance related risks

  • Maintain relationships with Ethics & Compliance, Legal and Privacy teams to remain aware of supplier compliance risks and implement new controls as required

  • Ensure required information security contractual terms and conditions are present in applicable contracts and partner with Legal to remain aligned to evolving requirements

  • Support internal and/or external audits, customer RFIs and certification re-assessments which include third-party risk

10%

Training and Communications to support and educate procurement teams and suppliers

  • Partner with C&DR team to develop and waterfall supplier cyber risk related communications to wider procurement organization, stakeholders or suppliers

  • Support team report-outs and alignment, engaging with both Global Procurement Risk Leadership and C&DR Third-party Risk teams on progress and strategy discussions as necessary

  • May perform other duties as required

Minimum Requirement:

  • Deep knowledge of security strategies and practices within a manufacturing business and of third-party risk management providers
  • Knowledge of cybersecurity standards and frameworks such as NIST CSF, ISO/IEC 27001, ISO/IEC 27002 and SOC reports. Significant knowledge of security standards, hardware, software, and practices.
  • Knowledge of procurement, category management and supplier management in manufacturing and/or services environments
  • Knowledge of industry-standard risk management and/or auditing techniques

Skills:

  • Capable of executing, maintaining and improving programs that support critical strategies.
  • Change Management/Adoption
  • Strong business analytics
  • Meticulous assessment skills when reviewing documents for accuracy and consistency.
  • Risk Management
  • Strong interpersonal skills with the ability to influence others in a positive and effective manner
  • Excellent communication skills; both oral and written
  • Team Leadership (cross functional)
  • Working and influencing within a highly matrixed organization
  • Ability to quickly gain business acumen
  • Project and/or program management
  • Working in diverse environments
  • Strategic Thinker

Education Requirements:

  • Bachelor's degree or certification in Information Security, Information Systems Management or an equivalent technical field, or relevant industry experience, is required. Alternatively, a degree in Supply Chain Management or Business Administration with 3 years' experience in IT/information security domains.

Experience:

  • 7+ years of business project/program management experience, ideally within a regulated manufacturing environment
  • 3+ years of specific Information Security or Risk Management related work experience
  • Prior experience with risk programs, preferably in a manufacturing setting.
  • Strong team player able to work both collaboratively and independently
  • Ability to work with ambiguity, complexity and under pressure with tight timelines and moving targets
  • Proficiency in using standard software tools (MS Office, Power BI, MS Project, MS SharePoint, etc.)

    For certain roles at BD, employment is contingent upon the Company’s receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD’s Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.

    Why Join Us?

    A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It’s also a place where we help each other be great, we do what’s right, we hold each other accountable, and learn and improve every day.  

    To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you’ll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.  

    To learn more about BD visit https://bd.com/careers

    Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status. 

    Primary Work Location

    USA NJ - Franklin Lakes

    Additional Locations

    USA AZ - Tempe Headquarters, USA GA - Covington BMD, USA IL - Vernon Hills, USA MD - Hunt Valley, USA MD - Sparks - 7 Loveton Circle, USA PR Juncos - Road 31, USA TX - San Antonio, USA UT - Sandy

    At BD, we are strongly committed to investing in our associates—their well-being and development, and in providing rewards and recognition opportunities that promote a performance-based culture. We demonstrate this commitment by offering a valuable, competitive package of compensation and benefits programs which you can learn more about on our Careers Site under Our Commitment to You.

    Salary or hourly rate ranges have been implemented to reward associates fairly and competitively, as well as to support recognition of associates’ progress, ranging from entry level to experts in their field, and talent mobility. There are many factors, such as location, that contribute to the range displayed. The salary or hourly rate offered to a successful candidate is based on experience, education, skills, and any step rate pay system of the actual work location, as applicable to the role or position. Salary or hourly pay ranges may vary for Field-based and Remote roles.

    Salary Range Information

    $112,300.00 - $185,400.00 USD Annual
    "Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
    Anonymous, Franklin Lakes, NJ
    BD Fraud Notice

    Please be aware of potentially fraudulent job postings on other websites or suspicious recruiting email or text messages that attempt to collect your confidential information. If you are concerned that an offer of employment with BD, CareFusion or C.R. Bard might be a scam, please verify by searching for the posting on the careers page or contact us at ASC.Americas@bd.com.