OT/IT Cyber Security Senior Engineer

TITLE:

OT/IT Cyber Security Senior Engineer

Reports To: Chief Information Security Officer

Location: Raleigh, NC

Indivior is a global pharmaceutical company working to help change patients' lives by developing medicines to treat substance use disorders (SUD). Our vision is that all patients around the world will have access to evidence-based treatment for the chronic conditions and co-occurring disorders of SUD. Indivior is dedicated to transforming SUD from a global human crisis to a recognized and treated chronic disease.

We are driving forward our understanding of addiction and other serious mental health illnesses to create new science that will help pave the way for an even deeper understanding of patient needs and treatment innovation. We engage at all levels across the addiction treatment spectrum, interacting with governments, key opinion leaders, physicians, payers, patients, and patient advocacy groups to raise awareness and educate about addiction as a chronic, relapsing disease.

POSITION SUMMARY:

The Cybersecurity Specialist at Indivior secures and ensures compliance of all systems and networks in both manufacturing and IT, globally. Key duties include conducting vulnerability scans, ranking risks, and executing remediation plans. The role involves designing, configuring, monitoring, and maintaining firewalls, as well as designing network segmentation strategies. Compliance with FDA and DEA regulations requires meticulous record-keeping. The specialist must develop incident response plans for security breaches, manage user access to sensitive data, and conduct security awareness training for staff.

The role also covers general IT security engineering, which includes designing, maintaining monitoring solutions to detect suspicious activities, overseeing Active Directory management, Cloud services security (AWS & Azure), and ensuring timely security patches with IT and OT teams. Vendor management is another responsibility, involving the selection and coordination of third-party security services. This position is crucial for protecting Indivior’s production processes and global IT infrastructure.

ESSENTIAL FUNCTIONS:

The responsibilities of this role include, but are not limited to, the following:

1. Vulnerability Management: Regularly scan and assess both IT and manufacturing systems for vulnerabilities, prioritize them based on risk, and implement remediation plans to mitigate potential threats.
2. Firewall Management: Configure, monitor, and maintain firewalls to protect the manufacturing network from unauthorized access and cyber threats, ensuring optimal performance and security.
3. Secure Configurations: Develop and enforce secure configuration standards for IT and manufacturing systems and devices, ensuring they are hardened against cyber-attacks.
4. Compliance Management: Implement and manage controls to ensure compliance with FDA and DEA regulations, including maintaining accurate records and documentation for audits.
5. Incident Response: Develop and execute incident response plans to quickly and effectively address security breaches or other cyber incidents within the manufacturing and IT environments.
6. Network Segmentation: Maintain & implement network segmentation strategies to isolate critical manufacturing systems from less secure areas of the network.
7. Access Control: Manage user access controls, ensuring that only authorized personnel have access to sensitive systems and data, and regularly review access permissions.
8. Security Awareness Training: Conduct regular security awareness training for staff to ensure they understand and follow best practices for maintaining the security of the manufacturing environment.
9. Vendor Management: Identify, select, coordinate, and facilitate third parties to design and implement security configurations across both manufacturing and IT environments.
10. Monitoring and Logging: Maintain monitoring and logging solutions to detect and respond to suspicious activities within a manufacturing network as well as general applications and infrastructure.
11. OT Patch Management: Coordinate with IT and OT teams to ensure timely application of security patches and updates to all manufacturing systems and devices.
12. Security Design: Develop and implement security policies, procedures, best practices, and technical designs to safeguard organizational assets.

MINIMUM QUALIFICATIONS:

Education:

• Bachelor’s degree and 10 years of relevant cyber security experience or equivalent of education and experience.

Experience:

• Five or more years' experience in Operational Technology security.

License/Certifications:

• Industry Security certifications such as SANS, CISSP, etc.
• Experience with the implementation of NIST Cyber Security Framework (CSF).
• Experience with the implementation of Purdue Model to enhance security within the OT environment.
• Previous experience in Information Technology/Operational Technologies and utility industry experience preferred.

Travel: 25%

Language: English required.

COMPETENCIES/CONDUCT:

In addition to the minimum qualifications, the employee will demonstrate:

1. Strong leadership and influencing skills.
2. Ability to present technical and non-technical concepts to all levels of management & executive leadership.
3. Excellent teamwork, facilitation, relationship building, and negotiation skills.
4. Positive working relationships both leading and as part of a team.
5. Strong time management skills and ability to multitask effectively.
6. Ability to work in a fast-paced, project-oriented potentially high-pressure environment.
7. Exceptional analytical and problem-solving skills.
8. Aptitude and drive for continuous learning and development.
9. Effective time management skills demonstrated by successful and timely completion of tasks.

BENEFITS:

Indivior is committed to providing a culture driven by guiding principles and top-tier benefits that match the importance of the work we do. The Indivior experience includes:

• 3 weeks’ vacation plus floating holidays and sick leave.
• 401(k) and Profit Sharing Plan- Company match of 75% on your first 6% of contributions.
• U.S. Employee Stock Purchase Plan- 15% Discount.
• Comprehensive Medical, Dental, Vision, Life and Disability coverage.
• Health, Dependent Care and Limited Purpose Flex Spending and HSA options.
• Adoption assistance.
• Tuition reimbursement.
• Concierge/personal assistance services.
• Voluntary benefits including Legal, Pet Insurance and Critical Illness coverage.

GUIDING PRINCIPLES:

Indivior’s guiding principles are the foundation for each employee’s success and growth. Each employee is expected to demonstrate understanding and adherence to our guiding principles in their everyday performance.

COMPLIANCE OBLIGATIONS:

Indivior is committed to maintaining a workplace where employees are committed to compliance and feel comfortable raising concerns about potential violations of policies or unethical behaviour. As part of your responsibilities, you are expected to:

Employee Obligations:

• Always act with honesty and integrity.
• Know what policies apply to your role and function and adhere to them.
• If you see something, say something.

Manager Obligations:

• Always act with honesty and integrity.
• Reinforce risk awareness with your team.
• Model and reinforce a Speak Up culture on your team.

The duties and responsibilities identified in this position description are considered essential but are not limited to only those outlined. The employee may perform other functions that may be assigned.

EQUAL EMPLOYMENT OPPORTUNITY

EOE/Minorities/Females/Vet/Disabled