Information Security Architect (Manager)

Job Title

Job Description

In this role, you have the opportunity to

The Integrated Supply Chain Security (ISCS) Lead will be responsible for developing, implementing and monitoring
a strategic, comprehensive IT security plan for the Integrated Supply Chain (ISC). The Integrated Supply Chain (ISC)
Lead will provide the vision and leadership necessary to manage the risk to the different areas of the Integrated
Supply Chain (ISC) and will ensure business alignment, effective governance, system and infrastructure availability,
integrity and confidentiality. As a Senior Operation Technology and Integrated Supply Chain (ISC) Information
Security Specialist, you will play a pivotal role in safeguarding our critical Operations Technology (OT) and
Integrated Supply Chain (ISC) information systems. You will be responsible for developing and implementing robust
security strategies, policies, and procedures to protect sensitive healthcare data, ensure operational continuity,
and mitigate potential risks.

You are responsible to
Key Responsibilities:
• Information Security Strategy:
o Develop and execute a comprehensive operation technology and supply chain information
security strategy aligned with industry best practices.
o Evaluate, recommend, and implement security measures to protect systems, networks, and data
throughout the Integrated Supply Chain (ISC).
• Risk Management:
o Identify and assess potential security risks in Operation Technology (OT) and Integrated Supply
Chain (ISC).
o Collaborate with cross-functional teams to develop and implement risk mitigation strategies.
• Security Architecture:
o Design, implement, and maintain a robust security architecture for Operation Technology (OT)
and Integrated Supply Chain (ISC).
o Ensure compliance with relevant regulations and standards, such as HIPAA, FDA etc., and other
regulatory security requirements.
• Incident Response:
o Develop and maintain incident response plans for Operation Technology (OT) and Integrated
Supply Chain (ISC).
o Lead investigations into security incidents, analyze root causes and implement corrective actions.
• Supplier Management:
o Collaborate with suppliers and third-party partners to ensure the security of external systems
and services in the supply chain.
o Conduct regular security assessments of vendors to ensure compliance with information security
standards.
• Training and Awareness:
o Develop and deliver training programs to educate employees and stakeholders on Operation
Technology (OT) and Integrated Supply Chain (ISC) information security best practices.
Foster a culture of security awareness and compliance throughout the organization.
• Develop and implement comprehensive OT security strategies that align with industry best practices and
regulatory requirements.
• Build IT/OT SOC, execute OT incident response
• Identify OT vulnerabilities and perform remediation without causing system unavailability.
• Deploy Firewalls to segment OT systems from other standard IT environments.
• Define Security Policy Framework customized for Supply Chain Technologies
• Identify appropriate tools/solutions in the areas of inventory collection, vulnerability management,
antivirus, endpoint detection and response
• Develop and maintain robust ISC security controls to protect Philips business from security breaches/
incidents.
• Hands-on experience in designing and deploying multiple OT IDS solutions
• Experience with handling well-known OT technologies - Nozomi Guardian, Armis, Claroty and Microsoft
Defender for IoT (CyberX)
• Experience in conducting risk assessments, and maturity assessment for OT systems and products to
identify and prioritize security threats and weaknesses
• Evaluate new cybersecurity threats and IT trends and develop effective security controls.
• Establish regular governance with service owners to review security control status
• Liaison with Philips Information Security Office in driving the security Improvement Program
• Define and report on information security KPIs.
• Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different
risk scenarios and drive to fix those risks
• Prepare security use cases / functional requirements that new solutions need to meet. Validate those
requirements are met when the solution is delivered
• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real
threat actors.
• Perform attack pattern analysis based on MITRE Attack framework, support solution development to
address the pattern

You are a part of
Enterprise IT ISC Security team working closely with supply chain business leaders, and business contacts at
manufacturing sites and warehouse/distribution centers.
To succeed in this role, you should have the following skills and experience
Soft Skills
• Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,
customer-centric and collaborative mindset.
• Works autonomously within established procedures and practices.
• Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.
• Provides leadership to the global team at strategic, tactical, and operational levels
• Maintains current knowledge of industry and regulatory trends and developments for enterprise
technology.
• Specialized in multiple Security domains such as incident response, operational assessment of security
posture, and general security management.
• Thorough understanding of Security Management principles, Security governance principles
• Good knowledge of MITRE Framework, IEC 62443/NIST 800:23/
Qualification
• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering
security solutions.
• Overall Enterprise IT Security experience of 10 yrs or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

#LI