Supplier Cybersecurity Risk Program Manager
Job Description Summary
Reporting to the Director of Supply Chain Resiliency and Customer Excellence, with a dotted line to the Sr. Manager of Third-party Risk and Enterprise Business Continuity, this position is responsible for the execution of supplier cybersecurity programs and projects to proactively manage risk throughout the supplier lifecycle. Activities will include on-boarding due diligence, including cyber vetting during RFPs, contract language reviews, risk assessments, audit support, and remediation. The role will also support supplier-related cyber incident response and recovery activities, and will help identify gaps and drive programs to achieve procurement and supplier conformity to ethics and compliance responsibilities, including legal, regulatory and privacy compliance.
Job Description
We are the makers of possible
BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities.
We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you’ll be supported to learn, grow and become your best self. Become a maker of possible with us.
This role will be responsible for ensuring that supplier cybersecurity due-diligence requirements are adopted and followed globally, while working across a highly matrixed environment. In addition, this role will be responsible for ensuring the execution of cyber assurance controls for Global Procurement associates and suppliers. This role will help ensure vendor compliance with cybersecurity and privacy policies, contractual information security and data privacy obligations, and applicable cybersecurity regulatory requirements, globally. This role will also inform the overall supplier cybersecurity strategy within the third-party cybersecurity framework.
Within the Global Procurement Supply Chain Resiliency team, this person will collaborate across BD businesses, Global Procurement, Cybersecurity & Digital Risk (C&DR), R&D stakeholders, Product Security and Integrated Supply Chain (ISC) to promote our security requirements, monitor and support governance activities, and maintain compliance with cyber regulations that may impact our information security program. This individual will be responsible for metrics and KPIs consumed by both Global Procurement and the C&DR team, and should be comfortable with data analysis and aggregation to drive informed decision making.
This individual is comfortable performing risk assessments to identify gaps in supplier conformance with BD policies, cybersecurity regulations, and contractual obligations.
The role will be responsible for providing regular program updates to the procurement leadership team as well as the Cybersecurity & Digital Risk (C&DR) team. In collaboration with the Associate Director, Supplier Risk, the role will work extensively with the Procurement supplier-facing organization to ensure the supplier cybersecurity program is deployed and adopted globally.
The role will work with the C&DR team to align on requirements for third-party risk technology providers that supply supplier cyber risk insights. This individual will also be responsible for integrating supplier cyber metrics into Global Procurement's supplier risk model and for ongoing maintenance of key performance indicators for supplier cyber risk. Jointly with the C&DR team, the role will act as the primary partner to those third-party providers on matters of supplier cyber risk.
This role will also support training activities including educating procurement teams and suppliers as necessary. The role may also prepare and deliver any necessary internal and external communications relative to supplier cybersecurity risk initiatives.
The role will help ensure that proper due diligence and assessment are performed for new suppliers and for any suppliers acquired during the M&A process.
Breakdown of responsibilities:
40%
Lead program execution for supplier cybersecurity risk management to include:
Supplier due-diligence throughout the procurement lifecycle, inclusive of risk triage, assessment, remediation and monitoring
Supplier outreach to ensure process adoption and remediation of identified risk
Collaborate with C&DR team to align with the overall third-party cyber risk strategy and established information security policies
Performing supplier risk assessments to align with due-diligence requirements, using questionnaires and/or third-party vulnerability management platforms
Development and maintenance of metrics and indicators
Creation, documentation and continuous improvement of third-party risk management processes and procedures to meet internal and external audit requirements
25%
Incident Response and Risk Remediation
Support supplier cyber incident response teams with prompt and accurate business relationship and impact data. Serve as the single point of contact into Global Procurement for escalation and incident response team requests
Partner with C&DR team and third-party advisors to track and ensure closure to open remediation activities.
Collect and share learnings and continuous improvement ideas resulting from incident and remediation activities
25%
Supplier Ethics and Compliance Management
Drive closure to identified ethics, privacy and cybersecurity regulatory compliance related risks
Maintain relationships with Ethics & Compliance, Legal and Privacy teams to remain aware of supplier compliance risks and implement new controls as required
Ensure required information security contractual terms and conditions are present in applicable contracts and partner with Legal to remain aligned to evolving requirements
Support internal and/or external audits, customer RFIs and certification re-assessments which include third-party risk
10%
Training and Communications to support and educate procurement teams and suppliers
Partner with the C&DR team to develop and cascade supplier cyber risk related communications to the wider procurement organization, stakeholders or suppliers
Support team report-outs and alignment, engaging with both Global Procurement Risk Leadership and C&DR Third-party Risk teams on progress and strategy discussions as necessary
- May perform other duties as required
Minimum Requirement:
- Deep knowledge of security strategies and practices within a manufacturing business and of third-party risk management providers
- Knowledge of cybersecurity standards such as NIST CSF, ISO/IEC 27001, ISO/IEC 27002, SOC reports, etc. Significant knowledge of security standards, hardware, software, and practices.
- Knowledge of Procurement, category management, Supplier Management in either or both Manufacturing and Services environments
- Knowledge of industry standard risk management and/or auditing techniques
Skills:
- Capable of executing, maintaining and improving programs that support critical strategies.
- Change Management/Adoption
- Strong business analytics
- Meticulous assessment skills when reviewing documents for accuracy and consistency.
- Risk Management
- Strong interpersonal skills with the ability to influence others in a positive and effective manner
- Excellent communication skills; both oral and written
- Team Leadership (cross functional)
- Working and influencing within a highly matrixed organization
- Ability to quickly gain business acumen
- Project and/or program management
- Working in diverse environments
- Strategic Thinker
Education Requirements:
- Bachelor’s degree or certification in Information Security, Information Systems Management or equivalent technical field or relevant industry experience is required. Or, Supply Chain Management, Business Administration degree with 3 years’ experience in IT/Information security domains.
Experience:
- 7+ years of business project/program management experience, ideally within a regulated manufacturing environment
- 3+ years of specific Information Security or Risk Management related work experience
- Previous knowledge of risk programs, preferably in a manufacturing setting.
- Strong team player able to work both collaboratively and independently
- Ability to work with ambiguity, complexity and under pressure with tight timelines and moving targets
- Proficiency in using standard software tools (MS Office, Power BI, MS Project, MS SharePoint, etc.)
For certain roles at BD, employment is contingent upon the Company’s receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD’s Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.
Why Join Us?
A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It’s also a place where we help each other be great, we do what’s right, we hold each other accountable, and learn and improve every day.
To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you’ll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.
To learn more about BD visit https://bd.com/careers
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.
Primary Work Location
USA NJ - Franklin Lakes
Additional Locations
USA AZ - Tempe Headquarters, USA GA - Covington BMD, USA IL - Vernon Hills, USA MD - Hunt Valley, USA MD - Sparks - 7 Loveton Circle, USA PR Juncos - Road 31, USA TX - San Antonio, USA UT - Sandy
Work Shift
At BD, we are strongly committed to investing in our associates—their well-being and development, and in providing rewards and recognition opportunities that promote a performance-based culture. We demonstrate this commitment by offering a valuable, competitive package of compensation and benefits programs which you can learn more about on our Careers Site under Our Commitment to You.
Salary or hourly rate ranges have been implemented to reward associates fairly and competitively, as well as to support recognition of associates’ progress, ranging from entry level to experts in their field, and talent mobility. There are many factors, such as location, that contribute to the range displayed. The salary or hourly rate offered to a successful candidate is based on experience, education, skills, and any step rate pay system of the actual work location, as applicable to the role or position. Salary or hourly pay ranges may vary for Field-based and Remote roles.
Salary Range Information
$112,300.00 - $185,400.00 USD Annual
"Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
Anonymous, Franklin Lakes, NJ