Sr. Director, Information Security - Engineering
Job Description
The Sr. Director of Information Security Engineering serves as the strategic leader of engineering efforts for both enterprise information security and product security organizations. Reporting into the Chief Information Security Officer (CISO), the Sr. Director of Information Security Engineering is responsible for developing security engineering initiatives, aligning them with company-wide programs and business objectives, and ensuring that information assets and technologies used in BD products, manufacturing, service, enterprise IT, and third-party partners are adequately secure and resilient. The role provides leadership and is accountable for the BD information and product security engineering strategic planning goals, mission, vision, values and budget. The primary objective of this role is assuring the adequate protection and resilience of information assets (process, systems and data) against compromises of confidentiality, integrity and availability for product, manufacturing, service, and enterprise IT.
The Sr. Director of Information Security Engineering shall have an in-depth understanding of technical activities including security testing, architecture, analyzing current technology infrastructure for product, manufacturing, service, and enterprise IT, assuring alignment with strategic plans, ensuring IT and business operations as well as Information and Product Security policies and procedures adhere to local laws around the world.
Additionally, the Sr. Director shall manage security architects and penetration testers and partner with the Enterprise IT and R&D teams charged with engaging the various business units on business strategy and plans to drive security strategy into the various annual strategic plans of all Business Units. This individual will have a strong working knowledge of emerging technologies and the impacts of these technologies on the Information and Product Security policies, procedures, and BU/Division Strategic Plans.
Finally, the Sr. Director will develop and maintain (on an annual basis) the BD Information Security Technology Roadmap. This roadmap will be approved each year by the CISO, CIO and CTO. The roadmap will encompass a multi-year plan of how the company will execute the information and product security requirements and invest in various new capabilities and initiatives.
Responsibilities
1. The position is responsible for BD-wide Information Security Engineering efforts. Collaborate with internal/external business partners and leaders to develop a comprehensive strategy and implement effective Information Security programs. Develop trust and confidence of company leaders.
2. Serves as internal security consultant to the organization and monitors advancements in cybersecurity technologies. Advise the organization with current information about technologies.
3. Establish a security culture through education and awareness programs designed to reduce risks to BD, customers, and third-parties while also engaging with key business leaders to ensure business unit involvement.
4. Develops the organization design, resources and processes to effectively accomplish product and enterprise IT objectives.
5. Guide and influence technology investments within the context of operational effectiveness and organizational alignment with business and IT strategic plans.
6. Oversee the selection of testing, deployment, and maintenance for security hardware and software products as well as outsourced arrangements.
7. Improve information and product security policies, business and IT risk roadmaps and a formal process around security risk assessment, mitigation, response and governance.
8. Participate in the strategic plans of Business Units, Regions, and Enterprise IT.
9. Plan, test and execute responses to security breaches, including outreach as necessary with customers, partners, or the general public.
10. Partner and coordinate security activities with related compliance, regulatory and quality organizations (e.g., Privacy, Ethics & Compliance, Regulatory Affairs).
Requirements
1. Minimum of 6 years of information, product, and/or cyber security leadership experience. Minimum of 5 years’ experience managing internal talent, as well as 3rd party consultants.
2. Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies.
3. In-depth knowledge of networking and protocols.
4. Strong understanding of a wide variety of cybersecurity technologies for architecture and testing relating to Multi-Factor Authentication, Passwordless Authentication, Digital Rights Management, PKI, Endpoint Protection, Mobile Device Management, Patch Management, Vulnerability Management, Security Incident and Event Management, Data Loss Prevention, Zero Trust.
5. Able to align and connect business strategies with technology solutions.
6. Excellent presentation and communication skills.
7. Manage a security engineering program assuring that project teams are well-managed and that appropriate resources are provided.
8. Subject matter expertise relevant to assigned business area.
9. Ability to communicate complex technical challenges in a non-technical and simplified manner to business audience.
10. Ability to effectively communicate business needs to the technology teams.
Education and Skills
1. BA/BS in Computer Science or related discipline required
2. Advanced degree preferred
3. Certifications such as MCSE, CCNA, CCIE, CISSP, CISM, GIAC, CEH preferred
Primary Work Location
USA NJ - Franklin Lakes
Additional Locations
USA MA - Andover, USA MD - Sparks - 7 Loveton Circle
Work Shift
"We are a company that aims for concrete results, where our associates work every day to improve health care. Many initiatives are under way to make BD a global leader in medical technology."
Anonymous, Franklin Lakes, NJ