OT​/IT Cyber Security Program Manager

*
* Title:

** OT/IT Cyber Security Program Manager  
*
* Reports To:

** Chief Information Security Officer  
*
* Location:

** Richmond, VA
* Execute a comprehensive cybersecurity strategy and roadmap for the organization, aligning security initiatives with Indivior’s business goals and compliance requirements. Provide thought leadership on emerging long-term security investments and plans.
* NIST CSF Implementation:
Leverage the NIST Cybersecurity Framework (CSF) to structure and continuously improve the security program. Ensure that security controls and policies address all five NIST CSF functions – Identify, Protect, Detect, Respond, Recover – delivering a balanced and resilient defense for the enterprise.
* Lead cross-functional teams or projects and influencing without direct authority. Excellent communication skills are required to distill and present technical concepts to both technical teams and executive audiences in a clear, persuasive manner. Must be effective at building partnerships across organizations and managing stakeholder expectations
* Manage and maintain cybersecurity policies, standards, and procedures that reflect industry best practices and regulatory requirements. Drive regular review and updates on governance documents to ensure evolving threats and business changes, ensuring a “security by design” approach in all IT and business projects.
* Coordinate with cross-functional teams (IT operations, product engineering, compliance, and business units) to implement and enforce security controls. Serve as the primary program liaison between the security team and other departments, integrating security requirements into project plans and operational processes.
* Oversee third-party security assessments and vendor risk management activities. Work with procurement and vendor management teams to ensure external partners and service providers meet Indivior’s security standards. Address any gaps by driving remediation plans or implementing compensating controls.
* Utilize project management best practices (Agile and Waterfall) to drive security projects from inception to completion. This includes defining project scope, milestones, and success metrics; coordinating resources (internal teams and vendors); and tracking progress to ensure on-time, on-budget delivery of security initiatives.
* In-depth knowledge of information security frameworks and standards – especially the NIST Cybersecurity Framework – and experience applying them in an enterprise environment. Familiarity with other relevant frameworks (ISO 27001, CIS Critical Controls) and regulatory standards (e.g., GDPR, HIPAA) is a plus
* Provide team members in fostering a culture of continuous improvement and proactive risk management. Leverage program management skills to support team activities in delivering objectives.
* Define key performance indicators (KPIs) and risk metrics for the cybersecurity program. Monitor security program performance and risk levels and prepare regular reports and dashboards for leadership and relevant governance committees. Present program status and strategic recommendations to stakeholders, including CISO, CIO, and executive sponsors.
* While the primary focus is on program management will work closely with incident response teams to ensure preparedness and swift action during security incidents. Help coordinate post-incident reviews and integrate lessons learned into program updates and future risk mitigation plans.
* Ensure that the security program meets relevant compliance obligations (such as data protection laws and pharmaceutical industry regulations). Support internal and external audits of security controls, providing documentation and managing remediation of any findings.
* These duties help ensure the security and compliance of the pharmaceutical manufacturing
* Bachelor’s degree in Computer Science, Information Security, or a related field is required, a Master’s degree in Cybersecurity, Information Systems, or a related discipline is preferred.
* 10+ years of experience in cybersecurity or information security roles, with a substantial portion in security leadership or program management…