Director - Operational Technology (OT) Cybersecurity

Location(s):

United States of America

City/Cities:

Atlanta

Travel Required:

00% - 25%

Relocation Provided:

No

Job Posting End Date:

April 25, 2024

Shift:

Job Description Summary:

The Director - Operational Technology (OT) Cybersecurity will be part of the Global Cybersecurity function and play a key role in supporting the development of a global, company-wide manufacturing cyber security program. This will include defining the strategic direction of the manufacturing cybersecurity program and driving the operational deployment of industrial controls systems cybersecurity solutions across multiple Coca-Cola Company manufacturing functions (Concentrate Product Supply, Flavor Manufacturing and North America Operating Unit facilities). The role will be responsible for defining and deploying control systems architecture, tools, processes, and people into a more mature, defensible posture and improve the Coca-Cola Company’s ability to detect, respond and recover from cyber threats and vulnerabilities in its manufacturing sites.

Function Related Activities/Key Responsibilities:

• Define manufacturing cyber security program objectives and scope; lead program governance activities, including oversight of program policies, metrics, and reporting.
• Lead collaboration with IT, Supply Chain, and manufacturing teams to support manufacturing cybersecurity initiatives.
• Develop and maintain Coca-Cola’s Industrial Controls Systems (ICS)/Operational Technology (OT) Security Standard and Risk Assessment process. Create and maintain a library of process documents, RACIs, procedures, guidelines, etc. in support of the manufacturing cyber security program and its various workstreams.
• Ensure consistent implementation of ICS/OT cyber security standards and requirements across global Coca-Cola manufacturing sites. Monitor and measure progress in achieving optimal alignment with objectives.
• Cultivate ICS/OT acumen within cyber security professionals and cyber security acumen within manufacturing professionals.
• In collaboration with stakeholder groups, develop and oversee deployment of ICS/OT-appropriate controls including: access control, asset inventory tools, network and asset monitoring, vulnerability and patch management, risk management, local and remote vendor connectivity, procurement/3rd party & vendor management, security, awareness/training, data protection, business continuity/disaster recovery, and asset decommissioning.

Education Requirements:

• Bachelor’s Degree in Appropriate Field Required (i.e., Information Systems, Computer Science, Cyber Security).
• Relevant industry certification strongly preferred – GISCP, CISA, CRISC, CISSP and/or CISM.

Related Work Experience:

• Minimum 5 years' experience in cyber security.
• Experience working with cyber security frameworks including NIST, NIST 800-53, and IEC 62443.
• Previous experience in project management, must have worked in building a program or workstream from a broader vision.
• Experience in or knowledge of industrial control systems/manufacturing engineering with focus on PLC and HMI systems.
• Experience managing people and/or teams.  

Functional Skills:

• Strong ability to influence and communicate risk and urgency of security initiatives with a variety of stakeholders. Must be able to handle difficult conversations professionally, but effectively with internal and external parties.
• Mature project management and organizational skills. Ability to define and collaborate on a broad vision and refine that vision to build a program/project/initiative from the ground-up and maintain and measure success.
• Detailed oriented and well organized, ability to manage multiple initiatives while appropriately prioritizing work relative to risk and urgency.
• A firm understanding of information assurance principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), IT supply chain security/risk management policies/requirements/procedures, and IT security principles and methods, such as firewalls, demilitarized zones, and encryption and network security architecture concepts including topology, protocols, components, and principles (i.e., application of Defense-in-Depth).
• Ability to define and document how current operational technology (i.e., PLCs, HMI, etc) systems impact the security posture of the current environment, and identify and communicate the protection needs (i.e., security controls) to further mitigate security.
• Ability to work as part of a virtual global team to collaborate across geographic and organizational boundaries to deliver better business results and share best practices across a global System.

Skills:

Pay Range:

$159,300 - $184,700

Base pay offered may vary depending on geography, job-related knowledge, skills, and experience. A full range of medical, financial, and/or other benefits, dependent on the position, is offered.

Annual Incentive Reference Value Percentage:

30

Annual Incentive reference value is a market-based competitive value for your role. It falls in the middle of the range for your role, indicating performance at target.

Our Purpose and Growth Culture:

We are taking deliberate action to nurture an inclusive culture that is grounded in our company purpose, to refresh the world and make a difference. We act with a growth mindset, take an expansive approach to what’s possible and believe in continuous learning to improve our business and ourselves. We focus on four key behaviors – curious, empowered, inclusive and agile – and value how we work as much as what we achieve. We believe that our culture is one of the reasons our company continues to thrive after 130+ years. Visit Our Purpose and Vision to learn more about these behaviors and how you can bring them to life in your next role at Coca-Cola.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class. When we collect your personal information as part of a job application or offer of employment, we do so in accordance with industry standards and best practices and in compliance with applicable privacy laws.