OT/IT Cyber Security Senior Engineer

TITLE:

Title: OT/IT Cyber Security Senior Engineer

Reports To: Chief Information Security Officer

Location: Raleigh, NC

Indivior is a global pharmaceutical company working to help change patients' lives by developing medicines to treat substance use disorders (SUD). Our vision is that all patients around the world will have access to evidence-based treatment for the chronic conditions and co-occurring disorders of SUD. Indivior is dedicated to transforming SUD from a global human crisis to a recognized and treated chronic disease. Building on its global portfolio of OUD treatments, Indivior has a pipeline of product candidates designed to expand on its heritage in this category.

Indivior was founded to help tackle the opioid crisis, one of the largest and most urgent public health emergencies of our time.  Our purpose is to bring science-based, life-transforming treatments to patients.  We strive to help eliminate the stigma of addiction.  We take our role as a responsible steward extremely seriously and commit ourselves to cultivating our unique culture and highest standards of integrity.

We are driving forward our understanding of addiction and other serious mental health illnesses to create new science that will help pave the way for an even deeper understanding of patient needs and treatment innovation.  We engage at all levels across the addiction treatment spectrum, interacting with governments, key opinion leaders, physicians, payers, patients, and patient advocacy groups to raise awareness and educate about addiction as a chronic, relapsing disease.

Connect with Indivior on LinkedIn by visiting www.linkedin.com/company/indivior.

POSITION SUMMARY:

The Cybersecurity Specialist at Indivior secures and ensures compliance of all systems and networks in both manufacturing and IT, globally. Key duties include conducting vulnerability scans, ranking risks, and executing remediation plans. The role involves designing, configuring, monitoring, and maintaining firewalls, as well as designing network segmentation strategies. Compliance with FDA and DEA regulations requires meticulous record-keeping. The specialist must develop incident response plans for security breaches, manage user access to sensitive data, and conduct security awareness training for staff.

The role also covers general IT security engineering, which includes designing, maintaining monitoring solutions to detect suspicious activities, overseeing Active Directory management, Cloud services security (AWS & Azure), and ensuring timely security patches with IT and OT teams. Vendor management is another responsibility, involving the selection and coordination of third-party security services. This position is crucial for protecting Indivior’s production processes and global IT infrastructure.

ESSENTIAL FUNCTIONS:

The responsibilities of this role include, but are not limited to, the following:

• Vulnerability Management: Regularly scan and assess both IT and manufacturing systems for vulnerabilities, prioritize them based on risk, and implement remediation plans to mitigate potential threats.
• Firewall Management: Configure, monitor, and maintain firewalls to protect the manufacturing network from unauthorized access and cyber threats, ensuring optimal performance and security.  Create and sign off on Firewall security design for IT networks including on prem as well as Azure and AWS networks.
• Secure Configurations: Develop and enforce secure configuration standards for IT and manufacturing systems and devices, ensuring they are hardened against cyber-attacks.
• Compliance Management: Implement and manage controls to ensure compliance with FDA and DEA regulations, including maintaining accurate records and documentation for audits.
• Incident Response: Develop and execute incident response plans to quickly and effectively address security breaches or other cyber incidents within the manufacturing and IT environments.
• Network Segmentation: Maintain & implement network segmentation strategies to isolate critical manufacturing systems from less secure areas of the network, reducing the risk of lateral movement by attackers.
• Access Control: Manage user access controls, ensuring that only authorized personnel have access to sensitive systems and data, and regularly review access permissions.  Includes Active Directory management.
• Security Awareness Training: Conduct regular security awareness training for staff to ensure they understand and follow best practices for maintaining the security of the manufacturing environment.
• Vender Management: Identify, select, coordinate, and facilitate 3rd parties to design and implement security configurations across both manufacturing and IT environments.
• Monitoring and Logging: Maintain monitoring and logging solutions to detect and respond to suspicious activities within a manufacturing network as well as general applications and infrastructure.
• OT Patch Management: Coordinate with IT and OT teams to ensure timely application of security patches and updates to all manufacturing systems and devices, minimizing the risk of exploitation.
• Security Design: Develop, develop, and implement security policies, procedures, best practices, and technical designs to safeguard organizational assets. This includes providing technical guidance and support to internal IT, Application, and Manufacturing teams on security-related matters.

These duties help ensure the security and compliance of the pharmaceutical manufacturing

MINIMUM QUALIFICATIONS:

Education:

• Bachelor’s degree and 10 years of relevant cyber security experience or equivalent of education and experience

Experience:

• Five or more years' experience in Operational Technology security.

License/Certifications: (If applicable)

• Industry Security certifications such as SANS, CISSP, etc.
• Experience with the implementation of NIST Cyber Security Framework (CSF)
• Experience with the implementation of Purdue Model to enhance security within the OT environment.
• Previous experience of Information Technology/Operational Technologies and utility industry experience preferred with an awareness of utility specific security threats

Travel: 25%

Language: English required.

COMPETENCIES/CONDUCT:

In addition to the minimum qualifications, the employee will demonstrate:

• Strong leadership and influencing skills
• Ability to present technical and non-technical concepts to all levels of management & executive leadership
• Excellent teamwork, facilitation, relationship building, and negotiation skills
• Positive working relationships both leading and as part of a team.
• Strong time management skills and strong able to multitask effectively.
• Ability to work in a fast-paced, project-oriented potentially high-pressure environment
• Ability to interact clearly with business users to ensure that IT solutions fill business needs
• Ability to work demanding hours and/or be “on call” during non-working hours, as project or system emergencies require.
• Exceptional analytical and problem-solving skills
• Aptitude and drive for continuous learning and development
• Effective time management skills demonstrated by successful and timely completion of tasks
• Stay up-to-date with the latest security trends, threats, and technologies to continuously improve the organization's security posture.

BENEFITS:

Indivior is committed to providing a culture driven by guiding principles and top-tier benefits that match the importance of the work we do. The Indivior experience includes:

• 3 weeks’ vacation plus floating holidays and sick leave
• 401(k) and Profit Sharing Plan- Company match of 75% on your first 6% of contributions and profit sharing contribution equal to 4% of your eligible pay
• U.S. Employee Stock Purchase Plan- 15% Discount
• Comprehensive Medical, Dental, Vision, Life and Disability coverage
• Health, Dependent Care and Limited Purpose Flex Spending and HSA options
• Adoption assistance
• Tuition reimbursement
• Concierge/personal assistance services
• Voluntary benefits including Legal, Pet Insurance and Critical Illness coverage
• Gym, fitness facility and cell phone discounts

GUIDING PRINCIPLES:

Indivior’s guiding principles are the foundation for each employee’s success and growth. Each employee is expected to demonstrate understanding and adherence to our guiding principles in their everyday performance.

COMPLIANCE OBLIGATIONS:

Indivior is committed to maintaining a workplace where employees are committed to compliance and feel comfortable raising concerns about potential violations of policies or unethical behaviour. As part of your responsibilities, you are expected to:

Employee Obligations:

• Always act with honesty and integrity.
• Risk IQ: Know what policies apply to your role and function and adhere to them.
• Speak Up: If you see something, say something.

Manager Obligations:

• Always act with honesty and integrity
• Reinforce risk awareness with your team, with accountability and oversight for ongoing review and mitigation.
• Model and reinforce a Speak Up culture on your team.

The duties and responsibilities identified in this position description are considered essential but are not limited to only those outlined.  The employee may perform other functions that may be assigned.  Management retains the discretion to add or change the duties of this position at any time.

EQUAL EMPLOYMENT OPPORTUNITY

EOE/Minorities/Females/Vet/Disabled