BD (Becton, Dickinson and Company) - Sparks, MD
posted 16 days ago
About the position
BD is one of the largest global medical technology companies in the world. Advancing the world of health is our Purpose, and it's no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities. We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you'll be supported to learn, grow and become your best self. Become a maker of possible with us. We are seeking an experienced cybersecurity leader who will be a trusted adviser to senior business and technology stakeholders and provide broad knowledge of security strategies, policies, processes, architecture, and road maps to enable divisions/business to understand and meet security requirements in our North America and LATAM business. This function will champion the cybersecurity mandate acting as a critical partner guiding stakeholders and leading information risk management practices in their regions. This position serves as a liaison and security advocate advising and guiding enterprise-wide initiatives to reduce risk and drive security improvements. This will include KPI capture, leading/supporting remediation efforts and support of assessments, and to ensure security policy and strategy are being followed.
Responsibilities
- Collaborate with BD cybersecurity and business partner teams to ensure the business aligns plans addressing security policies, regulations, and initiatives in their products and services
- Support development and implementation of security strategies aligned to key BD risk and business needs
- Participate actively in decision making with country/BU management and seek to understand the broader impact of current decisions
- Essential business partner and will take responsibility for the assessing and managing information security risk for the business
- Ensuring that Information Security is considered in respect of all elements of business
- Support business units with the design and implementation of central security strategies
- Ensure that policy compliance is appropriate to the organizational and Business Unit's level of risk acceptance
- Demonstrate to stakeholders that appropriate security controls are in place and own/create actions plans to manage improvement or change where necessary
- Advise stakeholders on how to achieve the relevant controls and assist with solutions to support them
- Where necessary ensure that processes are documented and communicated in language that is relevant and understandable to international and/or non-technical audiences
Requirements
- Desired to have one of or more of the following certificates: CISM, CISSP
- 10+ years of experience in roles relevant to information security
- 2-3 years of team management or leadership experience
- Deep understanding and familiarity with core concepts of network security, security architecture, security operation, vulnerability management, cloud security, application security, security awareness program and threat intelligence
- Experience with security technologies and tools, including SIEM, IDS/IPS, endpoint protection, encryption, access control, firewalls, Vulnerability Management, etc.
- Strong knowledge of cybersecurity and privacy principles, frameworks, and best practices (e.g., CMMC, NIST Cybersecurity Framework, PCI, SOX, GDPR)
- Ability to analyze complex security issues and provide timely and effective solutions
- Proven ability to act independently and to execute with limited information and ambiguity
- Detail-oriented with the ability to promptly assess logs for accuracy as well as consistency
- Strong interpersonal skills with the ability to influence others in a positive and effective manner
- Ability to work in a team environment
- Excellent communication skills; both oral and written
- Previously acted as security manager or senior security consultant in mid to large organizations preferred
