Information Security - Lead

Job Description

Philips is a global leader in health technology, committed to improving billions of lives worldwide and striving to make the world healthier and more sustainable through innovation. Driven by the vision of a better tomorrow. But itu2019s not just what we do, itu2019s who we are. Weu2019re 80,000, wonderfully unique individuals, with two things in common. An unwavering sense of purpose and a relentless determination to deliver on our customersu2019 needs. Itu2019s what inspires us to create meaningful solutions u2013 the kind that makes a real difference u2013 when it matters most. The world and our customersu2019 needs are changing faster than ever before. While weu2019re proud of what we do already, we know we can do more. Thatu2019s why we need you to help us tackle the increasingly complex challenges posed by ever-evolving health and well-being needs.

You are responsible to:
u2022 Information Security Strategy:
o Develop and execute a comprehensive operation technology and supply chain information
security strategy aligned with industry best practices.
o Evaluate, recommend, and implement security measures to protect systems, networks, and data
throughout the Integrated Supply Chain (ISC).
u2022 Risk Management:
o Identify and assess potential security risks in Operation Technology (OT) and Integrated Supply
Chain (ISC).
o Collaborate with cross-functional teams to develop and implement risk mitigation strategies.
u2022 Security Architecture:
o Design, implement, and maintain a robust security architecture for Operation Technology (OT)
and Integrated Supply Chain (ISC).
o Ensure compliance with relevant regulations and standards, such as HIPAA, FDA etc., and other
regulatory security requirements.
u2022 Incident Response:
o Develop and maintain incident response plans for Operation Technology (OT) and Integrated
Supply Chain (ISC).
o Lead investigations into security incidents, analyze root causes and implement corrective actions.
u2022 Supplier Management:
o Collaborate with suppliers and third-party partners to ensure the security of external systems
and services in the supply chain.
o Conduct regular security assessments of vendors to ensure compliance with information security
standards.
u2022 Training and Awareness:
o Develop and deliver training programs to educate employees and stakeholders on Operation
Technology (OT) and Integrated Supply Chain (ISC) information security best practices.
Foster a culture of security awareness and compliance throughout the organization.
u2022 Develop and implement comprehensive OT security strategies that align with industry best practices and regulatory requirements.
u2022 Build IT/OT SOC, execute OT incident response
u2022 Identify OT vulnerabilities and perform remediation without causing system unavailability.
u2022 Deploy Firewalls to segment OT systems from other standard IT environments.
u2022 Define Security Policy Framework customized for Supply Chain Technologies
u2022 Identify appropriate tools/solutions in the areas of inventory collection, vulnerability management,
antivirus, endpoint detection and response
u2022 Develop and maintain robust ISC security controls to protect Philips business from security breaches/
incidents.
u2022 Hands-on experience in designing and deploying multiple OT IDS solutions
u2022 Experience with handling well-known OT technologies - Nozomi Guardian, Armis, Claroty and Microsoft
Defender for IoT (CyberX)
u2022 Experience in conducting risk assessments, and maturity assessment for OT systems and products to
identify and prioritize security threats and weaknesses
u2022 Evaluate new cybersecurity threats and IT trends and develop effective security controls.
u2022 Establish regular governance with service owners to review security control status
u2022 Liaison with Philips Information Security Office in driving the security Improvement Program
u2022 Define and report on information security KPIs.
u2022 Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different
risk scenarios and drive to fix those risks
u2022 Prepare security use cases / functional requirements that new solutions need to meet. Validate those
requirements are met when the solution is delivered
u2022 Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real
threat actors.
u2022 Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

You are a part of
Enterprise IT ISC Security team working closely with supply chain business leaders, and business contacts at
manufacturing sites and warehouse/distribution centers.

To succeed in this role, you should have

u2022 Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,
customer-centric and collaborative mindset.
u2022 Works autonomously within established procedures and practices.
u2022 Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.
u2022 Provides leadership to the global team at strategic, tactical, and operational levels
u2022 Maintains current knowledge of industry and regulatory trends and developments for enterprise
technology.
u2022 Specialized in multiple Security domains such as incident response, operational assessment of security
posture, and general security management.
u2022 Thorough understanding of Security Management principles, Security governance principles
u2022 Good knowledge of MITRE Framework, IEC 62443/NIST 800:23/
Qualification
u2022 Bacheloru2019s or Masteru2019s degree in Information Technology and or commensurate experience in delivering
security solutions.
u2022 Overall Enterprise IT Security experience of 10 yrs or more.
u2022 Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

Our commitment to inclusion and diversity

At Philips, we provide equal opportunities to all our employees and to all eligible applicants for employment in our companyu00A0, irrespective of age, color, disability, nationality, race, religion, gender, sexual orientation (LGBTQ +), and all aspects that make individuals unique. Encouraging diversity and fostering inclusion are key to our mission of improving the lives of 2.5 billion people a year by 2030 through meaningful innovation. We have fair, transparent, and clear employee policies which promote diversity and equality, in accordance with currently applicable law.u00A0For, we believe that life is better when #youareyou.

About Philips
Weu2019re a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
u2022 Learn more about .
u2022 Discover .
u2022 Learn more about .

If youu2019re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion .