Head of Cybersecurity Operations
Philip Morris International
- Lausanne
- Permanent
- Full-time
- Prioritizing, defining, and orchestrating the execution of the risk treatment strategy.
- Developing and embedding capabilities and controls across the cybersecurity value chain (Identify, Protect, Detect, Respond, and Recover) to effectively sustain cybersecurity initiatives.
- Operate and monitor security controls in a continuous manner, on behalf of control owners in Product and Operations functions.
- Support the BISO with the development and implementation of a Cybersecurity Operations strategy and programs, in alignment with the business goals of Product and Operations functions.
- Together with the BISO, lead and be responsible for the orchestration and execution of complex and strategic cybersecurity initiatives across Product and Operations functions.
- Supervise the day-to-day activities of the cybersecurity operations team ensuring efficient control operations and testing.
- Drive the implementation of the operating model, processes, and procedures to transform the whole IT Product & Operations function into an effective 1st Line of Defense.
- Support Operations and Product functions in the organisational change to become an effective business 1st Line of Defense, with focus on product owners, project managers and technology SMEs (e.g., at Engineering Solutions, Product Engineering, Product Development IoT, on the PMI plant shop floor).
- Work with strategic service providers to establish a cost-effective 1st Line of Defense structure capable of delivering continuous control monitoring.
- Drive convergence between IT and OT with the objective of mitigating cyber risk and improving operational efficiency.
- Keep alignment with IT Platforms partners to proactively implement "security-by-design" and "privacy-by-design" measures (people, processes, and tools).
- Perform active measurement and governance on the CISO metrics.
- Connect information security initiatives to compliance and regulatory requirements, and be responsible for internal and external audits (e.g., FDA, CAD, FM Global) and Qualification and Validation activities in scope of GxP.
- Bachelor's or master's degree in computer science, information security, or a related field, or equivalent work experience.
- 10+ years of Cybersecurity experience in multiple IT and/or OT roles, with progressive leadership responsibilities.
- 3+ years of experience directly managing security and controls operations in a 1st Line of Defense structure.
- Consistent record in coordinating information security initiatives, with exposure to business processes and related technology systems in some or all of the following functional areas: Manufacturing, Engineering, Supply Chain, Product, Quality, Electronics Manufacturing.
- Experience with enterprise level programs that use both traditional and agile frameworks, and the ability to adapt to changing requirements and priorities.
- Proven track record in project management, with focus on partner, budget, communication, and virtual/indirect team management.
- Strong leadership, communication, and collaboration skills, with the ability to influence and motivate teams and collaborators across the organization.
- Broad security knowledge to speak credibly to IT/OT/IIoT technology and information security SMEs.
- Strong teammate with ability to build pro-active, co-operative working relationships with peers and key partners, across cultures and geographies.
- Knowledge of basic identity and access management concepts (e.g., single sign on, identity federation) and standards (e.g., SAML, OAuth 2.0, OpenID).
- Experience in developing and managing budgets, schedules, resources, and risks for cybersecurity programs.
- Experience in interacting with cybersecurity policies, standards, and best practices, and ensuring compliance with applicable laws and regulations.
- Good understanding of security frameworks and standards (e.g., SOC2, ISO27001/27002, CSA, CIS, NIST, OWASP, etc.).
- Experience in working with external partners, vendors, and auditors on cybersecurity related matters.
- High energy level or equivalent experience and flexibility to meet a variety of demands while producing superior work products under short deadlines.
- Ability to put the "end user hat" on: empathize, anticipate, and solve problems.
- Ability to build and maintain relationships with senior management, partners, and team members.
- Advanced knowledge of ICS/IoT/IIoT platforms, cloud computing architectures (e.g., SaaS, IaaS, PaaS), and related information security risks and frameworks.
- Knowledge of protocols and architectures related to industrial environments (e.g., OPC UA, Purdue model).
- Industrial information security training/certification (e.g., GICSP, ISO/IEC 62443).
- Work-life balance: Wellbeing comes first. We offer a fantastic office environment and hybrid working options to ensure you have the best work-life balance possible
- Learning & Development: Your growth is a priority. Our robust and varied learning & development ecosystem will help you strengthen your technical skills and enhance your soft skills and eye for business. The capabilities you will acquire with us will support your life-time employability within IT, PMI, and beyond
- Inclusion & Diversity: Our differences - much more than our similarities - generate the innovation we are looking for. We aspire to build a diverse and inclusive organization to access the breadth and depth of thinking and sensitivity vital to thrive