The Chief Information Security Officer (CISO) serves as the leader responsible for BD’s information and data security. Reporting into the EVP & Chief Information Officer, the CISO is responsible for developing and aligning security strategy with company-wide programs, business objectives, strategy and ensuring that information assets and technologies used in manufacturing, service, enterprise IT, and third-party partners are adequately secure and resilient from malicious actors. The role provides executive leadership and is accountable for the BD information security strategic vision, mission, goals, and budget.
The CISO is responsible for establishing security and governance practices enabling a risk management framework to enable scalable business operations in the ever-evolving business and threat landscape. The CISO sets clear direction for BD and alignment in the business units and corporate functions for the adoption of solutions, processes, policies, and procedures. The CISO shall understand hands-on technical activities including security risk assessment, testing, architecture and securing fit-for-purpose technology to service the needs of our manufacturing, service, product, enterprise IT functions. This role also has accountability for Information and Product Security policies, governance, compliance, and procedures. The CISO also is accountable for enterprise education to facilitate a well-informed BD associate population about best cybersecurity practices to protect the company from preventable cyber incidents.
Additionally, the CISO shall partner with the Enterprise IT and OT teams charged with engaging the various business units on business strategy and plans to drive security strategy into the various annual strategic plans of all major Business Units and Divisions of BD, as appropriate. This individual will have a strong solid grasp of new technologies and the impacts of these technologies on the Information and Product Security polices, procedures, and BU/Division Strategic Plans.
Finally, the CISO will be a key member of BD’s Cybersecurity Risk Committee (CRC), the management-level governance body for cybersecurity at BD. The CISO will develop and update (on a yearly basis) the BD Security Roadmap and publish the annual BD Cybersecurity Report. The Security Roadmap will encompass a broad three-year plan of how the company will complete information security requirements and invest in various new capabilities and initiatives. The Security Roadmap will be reviewed each year with the CRC and progress against the roadmap will be presented at regular CRC meetings.
The position is responsible for BD-wide Global Information efforts. Collaborate with internal/external business and leaders to develop a comprehensive strategy and implement effective Information Security programs across enterprise and operational technology. Develop trust and confidence of company leaders. Serve as internal security consultant to the organization and supervises advancements in cybersecurity technologies and emerging threats and risks. Advise the organization with current information about technologies and related regulatory issues. Ensure cybersecurity is embedded in business and functional processes. Articulate high-level risks and mitigation plans to the Board of Directors and Senior Management as well as serve as a liason for security and operations portions of audit. Establish a security culture through outstanding formal and informal education and awareness programs crafted to reduce risks to BD, customers, and third parties while also engaging with key business leaders to ensure business unit involvement. Serve as a member of the Cybersecurity Risk Committee and collaborate across functions. Develop the strategy and provide mentorship on IT/OT security matters including architectures, integration, disaster recovery, maturity assessment and all other aspects of information security. Responsible for aligning the enterprise around common benchmarks and goals for BD’s enterprise-wide information security posture, assessing progress towards these goals while driving improvement. Make strategic choices to prioritize investment while leading risk and running performance to budget. Act as the organization’s representative with respect to inquiries from customers, partners, and the public regarding the organization’s cybersecurity strategy. Ensure alignment with the Product and Regulatory Cybersecurity leaders on their respective roles to strategically position BD with industry agencies and governing bodies. Guide and influence technology investments within the context of risk reduction, operational effectiveness and oganizational aligment with business and IT strategic plans. Develop, implement, and monitor a strategic, comprehensive information security risk management process to ensure the confidentiality, integrity, and availability of all information within security governance, risk and controls. Initiate external risk assessment to benchmark and set roadmap. Be responsible for the selection of testing, deployment, and maintenance for security hardware and software products used by BD in cybersecurity operations as well as outsourced arrangements. Improve information and product security policies, business and IT risk roadmaps and a formal process around security risk assessment, mitigation, response and governance. Plan, test and complete responses to security incidents and breaches, including outreach as necessary with customers, partners, agencies, or the public. Partner and coordinate security activities with related compliance, regulatory and quality organizations (e.g., Product Security, Privacy, Ethics & Compliance, Regulatory Affairs).
Minimum of 10 years of information, product, and/or cyber security leadership experience. Minimum of 5 years’ experience successfully running and developing internal talent, as well as experience leading 3rd party consultants from selection through efficient and cost-effective service delivery. Demonstrated authoritative knowledge of and experience in implementing NIST, ISO or other cybersecurity frameworks. Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies. Experience with policy development and administration. In-depth knowledge of networking and protocols. Solid understanding of a wide variety of cybersecurity charges, threats, threat analysis, ethical hacking and system auditing coupled with experience with incident management. Experience with adherence to and influencing global cybersecurity regulations. Solid understanding of network infrastructure, routing, switching, servers, clients, and mobile computing. Able to align and connect business strategies with technology solutions that will mitigate risk. Excellent presentation and communication skills including engaging with and presenting to a public company board of directors. Strong collaboration skills to include conflict resolution. Shown ability to interface and develop relationships with governmental agencies who can assist the Enterprise with threat assessments and worldwide security issues.
Ability to communicate complex technical challenges in a non-technical and simplified manner to business audience.
Education and Skills
BA/BS in Computer Science, Engineering or related discipline, required. Advanced technical or business degree, preferred. Certifications such as CCNA, CCIE, CISSP, CISM, GIAC, MCSE, CCSP or equivalent, CEH are preferred.
Job ID : R-471755
- Address Franklin Lakes, NJ, USA (Hybrid)
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 10-20