BISO - AbbVie United States Bookmark Share Print 1376 0 2

Listing Description

Manufacturing/Supply Chain and Back Office Business Information Security Partner

Are you an energetic Information Security leader that enjoys working with all levels of IT leadership and business partners? Do you want to be part of a dynamic, agile, multifaceted organization? Do you enjoy solving multidimensional puzzles?  The Manufacturing/Supply Chain and Back Office Business Security Partner will be the primary information security point of contact, working with the business functions on projects including internal and external data platforms, enterprise integration, medical device security, manufacturing plant/network security, new product launches and other initiatives supporting the Abbvie business. 

As part of the Enterprise Systems and Operations extended leadership team, the role will lead information security and risk management across technology investments in Enterprise Platforms (SAP, Workday, etc.) and Corporate (Finance, Legal, HR, etc.) and Operations (Supply Chain, Manufacturing, Purchasing, Quality, etc.) functions.  Role is accountable for creating and executing process and frameworks for application security, ensuring proper engagement and reviews of proprietary apps (in partnership with internal and external product development teams), ensuring data security and compliance to key regulatory and enterprise security policies.  Keep abreast of and others appraised of changes to data privacy regulations, information security risks, threats and opportunities, compliance with corporate standards, and issues affecting Manufacturing/Supply Chain and Back Office technologies and dependent up/down stream systems.  Advocate for technology innovation and investment across BTS and other internal groups.

• Act as the “CISO” for the division

• Implement, monitor and continuously innovate and improve application development and security framework for external applications and technology

• Act as partner and proactively support technology innovations to ensure secure and ongoing stable and safe technology.

• Communicate security strategies, risks, and gaps to non-technical stakeholders proactively and regularly.

• Compile, analyze, and communicate information security and risk metrics to senior management

• Prioritize security and compliance risks across the business

• Represent the corporate Information Security and Risk Management (ISRM) organization in local security and compliance matters

• Conduct quarterly business reviews with business leadership to drive risk accountability into the business.

• Ensure risk remediations are prioritized appropriately with key stakeholders.

• Develop and lead relevant governance oversight boards within the business on ISRM subject matter.

• Manage the risk register process for the business and ensure that risk dispositions are tracked and reported on

• Lead the implementation of the corporate ISRM and privacy policies across the business.  Provide guidance on how to effectively implement such policies.

• Assist in the management and execution of 3rd party risk management

• Serve as an ISRM SME, coordinating and providing multi-disciplinary knowledge, skills, and experience in regulatory/compliance and security architecture.

• Collaborate with the Information Security organization to execute on an Intellectual Property protection program.

• Review of vulnerability and patching reports to assist in the prioritization and measure SLA adherence.

• Support formal investigations driven by various corporate functions.

• Responsible for compliance with applicable regulations, standards, and Corporate Policies across all technology.

• Role could be located in Lake County, Illinois or remote.  If remote, it would require a minimum of 25% of time would be required to be physically present in Lake County, Illinois in addition to any other required travel.

Qualifications

Requirements:

• Bachelor's Degree and minimum of 12 years of experience in Information Security and IT Risk Management.

• 8-10 Years leading an Information Security team in a matrixed organization

• Demonstrated ability to proactively partner and communicate and understand the sense of urgency

• Extensive experience in designing and implementing enterprise security solutions in a global context.

• Deep understanding of Information Security and Risk Management frameworks impacting IT and Information Security (e.g., NIST, ISO).

• Excellent verbal and written communication skills with a wide range of audiences (e.g., executives, technologists, business stakeholders)

• A critical thinker with strong problem-solving skills.

• Information Security certifications preferred: CISSP