OT/IT Cyber Security Program Manager

Role Summary

The Cyber Security Program Manager will provide strong leadership for our cybersecurity program. In this role, you will lead the strategic development and delivery of enterprise-wide security initiatives, ensuring alignment with business objectives and regulatory requirements. The Program Manager will leverage the NIST Cybersecurity Framework as a guiding model, driving the implementation of security controls and processes that bolster Indivior’s security posture. This position serves as a bridge between technical security teams and associated IT groups and leadership teams, translating complex security needs into actionable items. The role also will provide general vendor risk management involving the selection and coordination of third-party security services and other business services. This position is crucial in helping protect Indivior’s production processes and global IT infrastructure. The Cyber Security Program Manager is based in Richmond, VA, and will report to the Chief Information Security Officer (CISO).

Responsibilities

• Execute a comprehensive cybersecurity strategy and roadmap for the organization, aligning security initiatives with Indivior‚Äôs business goals and compliance requirements. Provide thought leadership on emerging long-term security investments and plans.
• NIST CSF Implementation: Leverage the NIST Cybersecurity Framework (CSF) to structure and continuously improve the security program. Ensure that security controls and policies address all five NIST CSF functions ‚Äì Identify, Protect, Detect, Respond, Recover ‚Äì delivering a balanced and resilient defense for the enterprise.
• Lead cross-functional teams or projects and influencing without direct authority. Excellent communication skills are required to distill and present technical concepts to both technical teams and executive audiences in a clear, persuasive manner. Must be effective at building partnerships across organizations and managing stakeholder expectations.
• Manage and maintain cybersecurity policies, standards, and procedures that reflect industry best practices and regulatory requirements. Drive regular review and updates on governance documents to ensure evolving threats and business changes, ensuring a ‚Äúsecurity by design‚Äù approach in all IT and business projects.
• Coordinate with cross-functional teams (IT operations, product engineering, compliance, and business units) to implement and enforce security controls. Serve as the primary program liaison between the security team and other departments, integrating security requirements into project plans and operational processes.
• Oversee third-party security assessments and vendor risk management activities. Work with procurement and vendor management teams to ensure external partners and service providers meet Indivior‚Äôs security standards. Address any gaps by driving remediation plans or implementing compensating controls.
• Utilize project management best practices (Agile and Waterfall) to drive security projects from inception to completion. This includes defining project scope, milestones, and success metrics; coordinating resources (internal teams and vendors); and tracking progress to ensure on-time, on-budget delivery of security initiatives.
• In-depth knowledge of information security frameworks and standards ‚Äì especially the NIST Cybersecurity Framework ‚Äì and experience applying them in an enterprise environment. Familiarity with other relevant frameworks (ISO 27001, CIS Critical Controls) and regulatory standards (e.g., GDPR, HIPAA) is a plus.
• Provide team members in fostering a culture of continuous improvement and proactive risk management. Leverage program management skills to support team activities in delivering objectives.
• Define key performance indicators (KPIs) and risk metrics for the cybersecurity program. Monitor security program performance and risk levels and prepare regular reports and dashboards for leadership and relevant governance committees. Present program status and strategic recommendations to stakeholders, including CISO, CIO, and executive sponsors.
• While the primary focus is on program management, will work closely with incident response teams to ensure preparedness and swift action during security incidents. Help coordinate post-incident reviews and integrate lessons learned into program updates and future risk mitigation plans.
• Ensure that the security program meets relevant compliance obligations (such as data protection laws and pharmaceutical industry regulations). Support internal and external audits of security controls, providing documentation and managing remediation of any findings.

Qualifications

• MINIMUM QUALIFICATIONS: Bachelor‚Äôs degree in Computer Science, Information Security, or a related field is required; a Master‚Äôs degree in Cybersecurity, Information Systems, or a related discipline is preferred.
• 10+ years of experience in cybersecurity or information security roles, with a substantial portion in security leadership or program management positions. Proven track record of successfully implementing large-scale, complex security projects or programs.
• Industry-recognized security certifications are highly desired (e.g., CISSP, CISM, GIAC/SANS).
• Experience in the pharmaceutical or healthcare industry or other highly regulated environments is beneficial.

Skills

• Strong leadership and influencing skills
• Ability to present technical and non-technical concepts to all levels of management and executive leadership
• Excellent teamwork, facilitation, relationship building, and negotiation skills
• Strong time management and multitasking abilities in a fast-paced, project-oriented environment
• Excellent written and verbal communication; ability to translate security concepts for various audiences
• Aptitude for continuous learning and staying up-to-date with security trends

Education

• Bachelor‚Äôs degree in Computer Science, Information Security, or a related field; Master‚Äôs preferred.

Additional Requirements

• Travel: 25%