Cybersecurity Business Analyst - Manufacturing and Quality

Role Summary

Protect the manufacturing systems that deliver life-changing medicines to millions of patients worldwide. As a Manufacturing & Quality Cybersecurity Business Analyst, you'll be at the intersection of cutting-edge cybersecurity and pharmaceutical manufacturing, ensuring that our global operations remain secure, compliant, and resilient against evolving threats.

Responsibilities

• Drive cybersecurity strategy and roadmap priorities for Manufacturing and Quality, balancing security requirements with operational needs and GMP compliance across 50+ global manufacturing sites
• Partner with business and IT teams to embed security into SAP manufacturing systems, OT/SCADA environments, quality management platforms, and emerging technologies through secure design principles
• Translate cyber risks into business language for Manufacturing and Quality leadership, presenting security metrics, scorecards, and risk acceptance decisions to executive stakeholders
• Build strategic relationships with internal customers and external partners (CMOs, vendors) to assess and reduce cybersecurity risks while maintaining operational continuity
• Lead security awareness and adoption initiatives within Manufacturing and Quality, influencing security-conscious behaviors and ensuring teams understand their role in protecting critical infrastructure
• Monitor compliance and drive remediation activities to improve the business security posture, ensuring alignment with security policies, industry frameworks (NIST, ISO), and regulatory requirements
• Stay ahead of emerging threats by continuously monitoring cybersecurity trends, attack vectors specific to pharma/manufacturing, and evolving mitigation techniques to enhance preventative and detective capabilities

Qualifications

• Required: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical field
• Required: 5+ years of experience in cybersecurity strategy, governance, risk management, or security operations
• Required: Comprehensive expertise across cybersecurity domains: prevention, detection, incident response, recovery, and compliance
• Required: Deep knowledge of security frameworks (NIST CSF, ISO 27001/27002, CIS Controls) and IT risk management standards
• Required: Proven track record managing complex security programs and cross-functional initiatives
• Required: Industry-recognized certification (CISSP, CISM, CRISC, or equivalent)
• Preferred: Master’s degree in Cybersecurity, Information Security, or related field
• Preferred: Experience in pharmaceutical, life sciences, or highly regulated manufacturing environments
• Preferred: Knowledge of GxP regulations (GMP, CSV/CSA) and how they intersect with cybersecurity requirements
• Preferred: Familiarity with OT/ICS security, SCADA systems, and IT/OT convergence challenges
• Preferred: Outstanding communication skills with the ability to articulate technical cyber risks to non-technical business audiences; experience influencing upward and presenting to senior leadership, including security metrics, business cases, and risk decisions
• Preferred: Experience with SAP security, manufacturing execution systems (MES), or enterprise quality management systems
• Preferred: Multiple security certifications (e.g., CISSP + CISM, GIAC, SANS)

Education

• Required: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
• Preferred: Master’s degree in Cybersecurity, Information Security, or related field

Additional Requirements

• Travel: Less than 10%
• Location: Indianapolis, IN