Job Description
The ITRMS Critical Infrastructure Security Director is a pivotal role responsible for providing strategic guidance and expertise in operational technology (OT) cyber-security across multiple divisions within the IT & digital organization. This role focuses on integrating OT considerations into technical decision-making processes and fostering collaboration between IT and OT teams to ensure a comprehensive understanding of technical needs and challenges. The role also involves ensuring that technical teams are well-versed in the distinctions between OT and traditional IT and implementing industry standards and best practices for OT security within technical design and implementation processes.
Position will require on the average 10% travel globally.
Key Responsibilities:
Provide OT strategic direction and expertise: The OT strategist should develop and communicate guidance for the implementation and management of strategic OT systems across the organization, ensuring alignment with business goals and objectives and NIST OT guidelines. They should also collaborate with relevant site teams to ensure consistent cybersecurity best practices are followed.
Represent the company to industry OT organizations and suppliers: The strategist should act as the company's representative to industry organizations and suppliers, advocating for the company's objectives and influencing standards and supplier roadmaps to ensure that the company's OT initiatives are in line with industry best practices.
Educate technical teams on OT complexities: The strategist should ensure that technical teams across the company understand the differences between OT and traditional IT and are equipped to address the specific requirements and complexities of OT environments. This may involve providing training and resources to enhance their OT knowledge and skills.
Identify and mitigate cyber risks to OT systems: The strategist should lead the identification and assessment of potential cyber risks to OT systems, and design and implement measures to mitigate these risks. This will involve contributing to cybersecurity policies, procedures, and controls tailored to OT environments.
Stay updated on OT trends and share knowledge: The OT strategist should stay abreast of OT trends, stay informed about emerging technologies, best practices, and industry developments, and incorporate all of this into our strategic guidance and vision. Share this knowledge and best practices with relevant internal stakeholders, such as the ITRMS, IRAB processes, and OT Council meetings, to ensure that the organization is leveraging the latest insights to advance its OT initiatives.
Collaboration and Knowledge Sharing: Share knowledge and best practices with the team, contributing to a culture of innovation and continuous improvement.
Monitoring and Evaluation: Continuously monitor the effectiveness and performance of implemented OT solutions. Identify areas for improvement, iterate on existing solutions, and ensure alignment with evolving business needs.
Education:
Bachelor's degree in engineering, information technology, business or finance.
Education minimum requirements subject to change based on country.
Required Experience and Skills:
Minimum 7 years of relevant work experience.
In-depth understanding of industrial cyber-security best practices and standards.
Excellent problem-solving skills with the ability to think strategically and analytically.
Experience in IT/OT cyber-security design and operations for critical infrastructure systems.
Proven experience in building technology roadmaps and aligning with business architects to deliver appropriate technical solutions, especially for industrial control systems.
Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders.
Excellent collaboration experience with internal customers to architect security solutions to address operational risks.
High personal integrity, credibility, and energy, with the capability to integrate diverse initiatives across various organizational groups as well as the ability to collaborate effectively with cross-functional teams, including IT, engineering, and operations.
Preferred Experience and Skills:
Mastery-level understanding of Industrial Systems (ICS) and of industry standards such as PCI, NIST 800-53, 800-82, and 800-8183.
CISSP or equivalent certification.
ITRMSCareers
NOTICE FOR INTERNAL APPLICANTS
In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.
If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.
Current Employees apply HERE (https://wd5.myworkday.com/msd/d/task/1422$6687.htmld)
Current Contingent Workers apply HERE (https://wd5.myworkday.com/msd/d/task/1422$4020.htmld)
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here (https://survey.sogosurvey.com/r/aCdfqL) if you need an accommodation during the application or hiring process.
We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
EEOC Know Your Rights (https://www.eeoc.gov/sites/default/files/2022-10/22-088EEOCKnowYourRights1020.pdf)
EEOC GINA Supplement
Pay Transparency Nondiscrimination (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp%20EnglishformattedESQA508c.pdf)
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts (https://www.msdprivacy.com/us/en/CCPA-notice/)
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.
This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.
Expected US salary range: $149,400.00 - $235,100.00
Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here (https://www.benefitsatmerck.com/).
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance.
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: No relocation
VISA Sponsorship: No
Travel Requirements: 10%
Flexible Work Arrangements: Hybrid
Shift: 1st - Day
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 11/29/2024
A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Requisition ID: R317799