Business Information Security Partner - Manufacturing/Supply Chain and Back Office
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
Manufacturing/Supply Chain and Back Office Business Information Security Partner
Are you an energetic Information Security leader that enjoys working with all levels of IT leadership and business partners? Do you want to be part of a dynamic, agile, multifaceted organization? Do you enjoy solving multidimensional puzzles? The Manufacturing/Supply Chain and Back Office Business Security Partner will be the primary information security point of contact, working with the business functions on projects including internal and external data platforms, enterprise integration, medical device security, manufacturing plant/network security, new product launches and other initiatives supporting the Abbvie business.
As part of the Enterprise Systems and Operations extended leadership team, the role will lead information security and risk management across technology investments in Enterprise Platforms (SAP, Workday, etc.) and Corporate (Finance, Legal, HR, etc.) and Operations (Supply Chain, Manufacturing, Purchasing, Quality, etc.) functions. Role is accountable for creating and executing process and frameworks for application security, ensuring proper engagement and reviews of proprietary apps (in partnership with internal and external product development teams), ensuring data security and compliance to key regulatory and enterprise security policies. Keep abreast of and others appraised of changes to data privacy regulations, information security risks, threats and opportunities, compliance with corporate standards, and issues affecting Manufacturing/Supply Chain and Back Office technologies and dependent up/down stream systems. Advocate for technology innovation and investment across BTS and other internal groups.
• Act as the “CISO” for the division
• Implement, monitor and continuously innovate and improve application development and security framework for external applications and technology
• Act as partner and proactively support technology innovations to ensure secure and ongoing stable and safe technology.
• Communicate security strategies, risks, and gaps to non-technical stakeholders proactively and regularly.
• Compile, analyze, and communicate information security and risk metrics to senior management
• Prioritize security and compliance risks across the business
• Represent the corporate Information Security and Risk Management (ISRM) organization in local security and compliance matters
• Conduct quarterly business reviews with business leadership to drive risk accountability into the business.
• Ensure risk remediations are prioritized appropriately with key stakeholders.
• Develop and lead relevant governance oversight boards within the business on ISRM subject matter.
• Manage the risk register process for the business and ensure that risk dispositions are tracked and reported on
• Lead the implementation of the corporate ISRM and privacy policies across the business. Provide guidance on how to effectively implement such policies.
• Assist in the management and execution of 3rd party risk management
• Serve as an ISRM SME, coordinating and providing multi-disciplinary knowledge, skills, and experience in regulatory/compliance and security architecture.
• Collaborate with the Information Security organization to execute on an Intellectual Property protection program.
• Review of vulnerability and patching reports to assist in the prioritization and measure SLA adherence.
• Support formal investigations driven by various corporate functions.
• Responsible for compliance with applicable regulations, standards, and Corporate Policies across all technology.
- Role could be located in Lake County, Illinois or remote. If remote, it would require a minimum of 25% of time would be required to be physically present in Lake County, Illinois in addition to any other required travel.
• Bachelor's Degree and minimum of 12 years of experience in Information Security and IT Risk Management.
• 8-10 Years leading an Information Security team in a matrixed organization
• Demonstrated ability to proactively partner and communicate and understand the sense of urgency
• Extensive experience in designing and implementing enterprise security solutions in a global context.
• Deep understanding of Information Security and Risk Management frameworks impacting IT and Information Security (e.g., NIST, ISO).
• Excellent verbal and written communication skills with a wide range of audiences (e.g., executives, technologists, business stakeholders)
• A critical thinker with strong problem-solving skills.
• Information Security certifications preferred: CISSP
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Yes, 10 % of the Time
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.