Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals, and branded generic medicines. Our 109,000 colleagues serve people in more than 160 countries.
Our location in Saint Paul, MN currently has an opportunity for a Business Information Security Officer (BISO)
WHAT YOU'LL DO
Abbott continues to invest in cybersecurity capabilities to protect Abbott operations and data from cyber- attacks. These protections rely on engagement across our business and corporate divisions; therefore, we have created a new role called the Business Information Security Officer (BISO) that will work with technology and business leadership to adopt cybersecurity controls that protect their customer, business data, and critical operations.
Reporting through the Enterprise Cybersecurity group, the BISO will be aligned by business/corporate division. The BISO is the primary Cyber-point of contact for the assigned division and supports the implementation of the Cybersecurity program. This person will be a cybersecurity subject matter expert dedicated to supporting the division in making risk-informed decisions based on the evolving cyber threat landscape, regulatory requirements and Abbott policy. Similarly, the BISO will provide divisional insight to the Enterprise Cybersecurity organization to make business-informed decisions on enterprise policy and controls.
Core Job Responsibilities:
Enable security by design
Participate in key initiatives and projects to ensure that cybersecurity controls are accounted for early within the project and software development lifecycles. Work with the division and provide guidance that Information Security policy is complied with for processes, systems and strategic initiatives. Onboard technologies & platforms with minimum enterprise security controls.
Provide cybersecurity expertise and strategic thought leadership, balanced with an understanding of the Division's priorities.
Incorporate guidance from regional security team on impact of regional Cyber laws and mandates on enterprise security roadmaps. Partner with regional security team to maintain divisional compliance with regional cyber laws and regional audits.
Promote compliance with IT Security policy and guide the Division to BTS shared services as the solution of choice (e.g., Cloud hosting, Identity & Access Management, SSO authentication, Web design & hosting). Should those solutions not meet their needs, assist the Division in selecting a third-party solution that also complies with IT security policy.
Engage Enterprise Cybersecurity teams where additional subject matter expertise is needed in support of Divisional priorities.
Enable risk-informed decisions
Conduct Business Impact Assessments for new enterprise controls and facilitate the submission and approval of business-necessary exceptions to those controls both prior to deployment and ongoing.
Work with the Division to identify remediation roadmaps for enterprise control exceptions and track and report progress on those roadmaps.
Work with the Division & regional cyber group to define control enhancement roadmaps for unstructured and structured systems storing highly restricted and restricted data (including privacy) as identified in the Data Loss Protection Program.
Ensure that Cybersecurity Risk Assessments are conducted on all third-party suppliers and/or its subcontractors managing or processing personal or privacy information on behalf of Abbott and provide escalation for high-risk issues arising from those assessments. Partner with Regional Cyber office to ensure Risk assessments are conducted in all regions that division has a presence in.
Over time, work with the Division to identify business-critical suppliers that might also require a Cybersecurity Risk Assessment (e.g., due to supply chain criticality, failure by the supplier to provide services would put Abbott at risk).
Work with the Division to ensure Cybersecurity Risk Assessments are conducted on high-risk business applications, including & not limited to SaaS, Web applications (including eCommerce & Customer Relation Management). Provide escalation for high-risk issues arising from those assessments. Ensure remediation plans are tracked to completion.
Work with Division on a timely mitigation plan for critical and high-risk vulnerabilities.
Provide regular and timely reporting on Cybersecurity Issues and Exceptions to Division Leadership with context to how those translate as risk the business.
Over time, define other reporting and metrics that will be meaningful to the business and enable the Enterprise Cybersecurity to provide an Enterprise Risk view of Cybersecurity.
Facilitate Divisional Steering Committees for Enterprise Cybersecurity programs with appropriate business/corporate division leadership (currently Data Loss Protection and Manufacturing Cybersecurity)
Over time, consolidate into a single Divisional Cybersecurity Risk Steering Committee (potential to combine with Product Cybersecurity)
Support annual planning
Serve as a liaison between Enterprise Cybersecurity and the IT Division leadership during annual planning and strategic roadmap exercises to ensure Cybersecurity initiatives and issue remediation work is included in planning processes for funding and resource capacity, as needed.
Partner with IS, HR, Privacy, Legal and Regional Cyber teams to further the effectiveness of the Security program through effective partnerships.
Support Enterprise-wide Cybersecurity Maturity
Provide support to the Division IT and Operations in establishing their Manufacturing Cybersecurity roadmaps at Wave 1 and 2 sites and guide them in leveraging BTS shared services to achieve control compliance. Create regular and timely reporting of progress.
Coordinate response to Urgent-Critical vulnerabilities on non-integrated networks (Including but not limited to ARDx, Verpoharm, Glomed, CFR Etc.). Perform current-state analysis that includes vulnerability posture, control adoption and remediation status of critical and high risks and exceptions.
Coordinate response to Urgent-Critical vulnerabilities on divisionally managed IT and equipment, including gathering current-state vulnerability posture and remediation status. Provide information to Enterprise Cybersecurity Operations as requested.
Participate in Cybersecurity & Privacy Incident Response Team (CP IRT) events where divisional support is required. Provide information to Enterprise Cybersecurity Operations as requested.
EXPERIENCE, YOU'LL BRING
10+ years of Information Technology roles with experience & understanding of Cyber (or IT) Risk Management practices.
Broad security knowledge. Current understanding of Industry trends and emerging threats; and knowledge of incident response methodologies and technologies.
Experience in the design, development, implementation, and operational support of business-critical solutions in large scale environments and organizations.
Ability to translate technical/security issues to business users.
Executive presence. Excellent verbal and written communication skills. Ability to communicate to a wide range of audiences incl. executives, business stakeholders and IT team members.
Strong relationship, team building and facilitation skill.
Experience in delivering projects leveraging global teams with matrix resources. Ability to influence others to achieve objectives.
Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.
Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 109,000 colleagues serve people in more than 160 countries.