15 petabytes of data hosted, 49 countries supported, servers and thousands of devices to connect locations and businesses.
Information is clearly one of Novartis' most valuable assets. In ISRM (Information Security and Risk Management), we implement and maintain solutions that secure the Novartis environment, protect our data and provide the necessary control framework to enable compliance with the various regulations associated with the healthcare industry.
Our Security Architect Operational Technology will enhance and ensure cyber security for our OT-systems. These OT-systems are used in primary and secondary manufacturing as well as warehouses, laboratory and building management.
This role will define, design, apply and support security controls for OT systems in our sites, own and define architectural security standards for OT, and lead a team of subject matter experts on this matter.
Your responsibilities:
Your responsibilities include, but are not limited to:
Support and moderate discussions with OT system standard owners and system vendors about proper system design to meet security requirements.
Support OT system standard owners with advice on how to secure their systems.
Support the evaluation of system data flows to define firewall rules.
Technically drive the implementation of OT system security controls in our manufacturing sites (network segmentation, malware protection concepts).
SPOC for cyber security topics (incidents, operational issues etc.) for assigned OTS Systems for global and local organizations.
Membership in internal / external security committees within IT / OT security
Initiate, lead or support proofs of concept before roll-out.
What you’ll bring to the role:
Professional ICS / OT security certification like GICSP, or IT security certifications like CISSP.
8+ years of in-depth experience securing Industrial Control Systems (ICS) like PLC, SCADA, DCS and serialization solutions.
Ideally also experience in securing laboratory systems like chromatography, NIR, Raman and other laboratory equipment, including laboratory environmental equipment.
Ideally a solid foundation in Laboratory / ICS support which was built up with IT topics like network architectures, network protocols, industrial protocols, Active Directory, backup processes, visualization of applications and other general IT knowledge.
Fundamental knowledge in IT-Security threat modelling, vulnerability assessments and pen-testing.
Experienced in the use of tools for incident investigations, simulation, and forensics.
In-depth knowledge of GxP regulations and CSV, 21 CFR Part 11, and knowledge of related standards like IEC , NIS T-82.