TITLE:
OT/IT Cyber Security Program Manager
Reports To: Chief Information Security Officer
Location: Richmond, VA
Indivior is a global pharmaceutical company working to help change patients' lives by developing medicines to treat opioid use disorder (OUD). Our vision is that all patients around the world will have access to evidence-based treatment for OUD and we are dedicated to transforming OUD from a global human crisis to a recognized and treated chronic disease. Building on its global portfolio of OUD treatments, Indivior has a pipeline of product candidates designed to expand on its heritage in this category. Headquartered in the United States in Richmond, VA, Indivior employs approximately 700 individuals globally. Visit www.indivior.com to learn more. Connect with Indivior on LinkedIn by visiting www.linkedin.com/company/Indivior.
POSITION SUMMARY:
The Cyber Security Program Manager will provide strong leadership for our cybersecurity program. In this role, you will lead the strategic development and delivery of enterprise-wide security initiatives, ensuring alignment with business objectives and regulatory requirements. The Program Manager will leverage the NIST Cybersecurity Framework as a guiding model, driving the implementation of security controls and processes that bolster Indivior’s security posture. This position serves as a bridge between technical security teams and associated IT groups and leadership teams, translating complex security needs into actionable items. The role also will provide general vendor risk management involving the selection and coordination of third-party security services and other business services. This position is crucial in helping protect Indivior’s production processes and global IT infrastructure.
The Cyber Security Program Manager is based in Richmond, VA, and will report to the Chief Information Security Officer (CISO).
ESSENTIAL FUNCTIONS:
The responsibilities of this role include, but are not limited to, the following:
- Execute a comprehensive cybersecurity strategy and roadmap for the organization, aligning security initiatives with Indivior’s business goals and compliance requirements. Provide thought leadership on emerging long-term security investments and plans.
- NIST CSF Implementation: Leverage the NIST Cybersecurity Framework (CSF) to structure and continuously improve the security program. Ensure that security controls and policies address all five NIST CSF functions – Identify, Protect, Detect, Respond, Recover – delivering a balanced and resilient defense for the enterprise.
- Lead cross-functional teams or projects and influence without direct authority. Excellent communication skills are required to distill and present technical concepts to both technical teams and executive audiences in a clear, persuasive manner. Must be effective at building partnerships across organizations and managing stakeholder expectations.
- Manage and maintain cybersecurity policies, standards, and procedures that reflect industry best practices and regulatory requirements. Drive regular reviews and updates of governance documents to keep pace with evolving threats and business changes, ensuring a “security by design” approach in all IT and business projects.
- Coordinate with cross-functional teams (IT operations, product engineering, compliance, and business units) to implement and enforce security controls. Serve as the primary program liaison between the security team and other departments, integrating security requirements into project plans and operational processes.
- Oversee third-party security assessments and vendor risk management activities. Work with procurement and vendor management teams to ensure external partners and service providers meet Indivior’s security standards. Address any gaps by driving remediation plans or implementing compensating controls.
- Utilize project management best practices (Agile and Waterfall) to drive security projects from inception to completion. This includes defining project scope, milestones, and success metrics; coordinating resources (internal teams and vendors); and tracking progress to ensure on-time, on-budget delivery of security initiatives.
- In-depth knowledge of information security frameworks and standards – especially the NIST Cybersecurity Framework – and experience applying them in an enterprise environment. Familiarity with other relevant frameworks (ISO 27001, CIS Critical Controls) and regulatory standards (e.g., GDPR, HIPAA) is a plus.
- Support team members in fostering a culture of continuous improvement and proactive risk management. Leverage program management skills to support team activities in delivering objectives.
- Define key performance indicators (KPIs) and risk metrics for the cybersecurity program. Monitor security program performance and risk levels and prepare regular reports and dashboards for leadership and relevant governance committees. Present program status and strategic recommendations to stakeholders, including CISO, CIO, and executive sponsors.
- While the primary focus is on program management, the role will work closely with incident response teams to ensure preparedness and swift action during security incidents. Help coordinate post-incident reviews and integrate lessons learned into program updates and future risk mitigation plans.
- Ensure that the security program meets relevant compliance obligations (such as data protection laws and pharmaceutical industry regulations). Support internal and external audits of security controls, providing documentation and managing remediation of any findings.
- These duties help ensure the security and compliance of the pharmaceutical manufacturing
MINIMUM QUALIFICATIONS:
Education:
- Bachelor’s degree in Computer Science, Information Security, or a related field is required; a Master’s degree in Cybersecurity, Information Systems, or a related discipline is preferred.
- 10+ years of experience in cybersecurity or information security roles, with a substantial portion in security leadership or program management positions. Proven track record of successfully implementing large-scale, complex security projects or programs.
- One or more industry-recognized security certifications are highly desired. Examples include CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or GIAC certifications (SANS). These demonstrate a solid foundation of security knowledge.
- Experience in the pharmaceutical or healthcare industry or other highly regulated environments is beneficial. Understanding the unique security and compliance challenges in pharma (e.g., protecting sensitive patient data, ensuring GxP system integrity) will help the candidate excel in this role.
License/Certifications:
- Industry Security certifications such as SANS, CISSP, etc.
- Certification such as PMP (Project Management Professional) or Certified Scrum Master is a plus
- Other relevant credentials like CRISC (Risk and Control), CGEIT, or cloud security certifications (CCSP, Azure/AWS security certs) are advantageous.
- Experience with the implementation of NIST Cyber Security Framework (CSF)
- Experience with the implementation of the Purdue Model to enhance security within the OT environment.
- Previous Information Technology/Operational Technology experience and utility industry experience preferred, with an awareness of utility-specific security threats
Travel: 25%
Language:
COMPETENCIES/CONDUCT:
In addition to the minimum qualifications, the employee will demonstrate:
- Strong leadership and influencing skills
- Ability to present technical and non-technical concepts to all levels of management & executive leadership
- Excellent teamwork, facilitation, relationship building, and negotiation skills
- Positive working relationships both leading and as part of a team.
- Strong time management skills and strong ability to multitask effectively.
- Ability to work in a fast-paced, project-oriented, potentially high-pressure environment
- Ability to interact clearly with business users to ensure that IT solutions fill business needs
- Ability to work demanding hours and/or be “on call” during non-working hours, as project or system emergencies require.
- Exceptional analytical and problem-solving skills
- Aptitude and drive for continuous learning and development
- Effective time management skills demonstrated by successful and timely completion of tasks
- Stay up-to-date with the latest security trends, threats, and technologies to continuously improve the organization's security posture.
Indivior is committed to providing a culture driven by guiding principles and top-tier benefits that match the importance of the work we do. The Indivior experience includes:
Indivior’s guiding principles are the foundation for each employee’s success and growth. Each employee is expected to demonstrate understanding and adherence to our guiding principles in their everyday performance.
Indivior is committed to maintaining a workplace where employees are committed to compliance and feel comfortable raising concerns about potential violations of policies or unethical behaviour. As part of your responsibilities, you are expected to:
The duties and responsibilities identified in this position description are considered essential but are not limited to only those outlined. The employee may perform other functions that may be assigned. Management retains the discretion to add or change the duties of this position at any time.
EQUAL EMPLOYMENT OPPORTUNITY
EOE/Minorities/Females/Vet/Disabled