About the job
1000 Mylan Inc. At VIATRIS, we see healthcare not as it is but as it should be. We act courageously and are uniquely positioned to be a source of stability in a world of evolving healthcare needs. Viatris empowers people worldwide to live healthier at every stage of life. We do so via:
- Access – Providing high quality trusted medicines regardless of geography or circumstance;
- Leadership – Advancing sustainable operations and innovative solutions to improve patient health; and
- Partnership – Leveraging our collective expertise to connect people to products and services.
Key responsibilities for this role include:
- Provide vision and leadership for developing and supporting the global information security strategy and security architecture framework. Effectively translate business objectives and risk management strategies into solutions enabled by security technologies and services. Define and assess the organization’s security strategy, architecture, and practices through collaboration with other security teams and enterprise architects.
- Apply the organization’s goals and objectives to develop and maintain architecture.
- Assess the effectiveness of security controls for services, applications, and associated processes.
- Document and address the organization’s information security, cybersecurity architecture, and systems security engineering requirements throughout the project life cycle.
- Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization’s cybersecurity architecture guidelines. Develop enterprise architecture or system components required to meet user needs.
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. Analyze candidate architectures, allocate security services, and select security mechanisms.
- In close coordination with system security officers, advise authorizing officials, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities).
- Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinate with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.
- Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements.
- Responsible for managing project costs, design concepts, and design changes to systems or services supporting the information security environment at Viatris. Develop cost estimates for new or modified system(s).
- Provide actionable recommendations to critical stakeholders based on data analysis and findings.
- Identify the need for, and oversee the testing and evaluation of, tools for implementation. Define project scope and objectives based on customer requirements. Lead and oversee budget, staffing, and contracting.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Develop resourcing and staffing plans with associated budgets and proposals.
- Develop personnel objectives for staff based upon organization and department objectives. Routinely evaluate staff and provide feedback.
- Ensure the development and documentation of data standards, policies, and procedures.
- Evaluate threat decision-making processes. Provide expertise to the development of measures of effectiveness and measures of performance.
- Provide input to the Risk Management Framework process activities and related documentation. Participate in the Risk Governance process to provide security risks, mitigations, and input on other risks.
- Perform needs analysis to determine opportunities for new and improved business process solutions. Analyze and report organizational security posture trends.
- Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Provide cybersecurity guidance to leadership. Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training). Develop the goals and objectives for cyber curriculum.
- Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. Make recommendations regarding the selection of cost-effective security controls to mitigate risk.
The minimum qualifications for this role are:
- Bachelor’s degree (or equivalent) with a specialization in MIS, IT, or Engineering required. Master’s degree preferred. 8 years of Information Security or IT experience is required. Related education and experience may be considered.
- Qualified candidates should possess knowledge in one or more of the following areas: Computer networking concepts and protocols, and network security methodologies; Risk management processes (e.g., methods for assessing and mitigating risk); Cybersecurity and privacy principles; Cyber threats and vulnerabilities; Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Ability to design architectures and frameworks.
- Knowledge of authentication, authorization, and access control methods.
- Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
- Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
- Knowledge of new and emerging information technology and cybersecurity technologies.
- Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
- Knowledge of an organization’s information classification program and procedures for information compromise.
- Experience in utilizing knowledge management technologies and communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to exercise judgment when policies are not well-defined. Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Previous experience assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.) preferred.
- Ability to develop and recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
- Qualified candidates should be able to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise, and utilizing feedback to improve processes, products, and services.
- Experience in identifying the protection needs (i.e., security controls) of information systems and networks and overseeing vulnerability scanning operations and implementing remediation activity.
- Previous management experience desired as this role may supervise a team.
- Skilled in applying and incorporating information technologies into proposed solutions, designing countermeasures to identified security risks and translating operational requirements into protection needs (i.e., security controls).
- CISA, CISM, CRISC, or CISSP, CCSP, SABSA, TOGAF certification preferred.
- This role may have remote flexibility; however, the preference is for this role to be based at the Canonsburg, PA location. Occasional travel may be required.
- Proficiency in speaking, comprehending, reading and writing English is required.
At Viatris, we offer competitive salaries, benefits and an inclusive environment where you can use your experiences, perspectives and skills to help make an impact on the lives of others. Viatris is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, gender expression, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
- Address: Canonsburg, PA, USA
- Salary Offer: $100.000 ~
- Experience Level: Senior
- Total Years Experience: 5-10