Posted to MedZilla on 8/20/2017


US-MA, Senior Operational Technology Security Architect (TOPAZ) 214243BR_1502204240-MZ


Novartis is recruiting for a Senior OT Applications & Integration Security Architect (Security Expert) for our TOPAZ project. This position will be located in E. Hanover, NJ.

A global healthcare leader, Novartis has one of the most exciting product pipelines in the industry today. A pipeline of innovative medicines brought to life by diverse, talented, performance driven people. All of which makes us one of the most rewarding employers in our field. We're committed to peak performance, improving the quality of life, and embracing and leveraging diverse backgrounds, cultures and talents to achieve competitive advantage.


Enhance and ensure cyber security for our OT-systems. These OT-systems are used in primary and secondary manufacturing as well as warehouses, laboratory and building management. The candidate will define, design, apply and support security controls to OT systems in our sites.

Accountability Areas:

• Support / moderate discussions with OT system standard owners and system vendors on proper system design to meet security requirements

• Support OT-system standard owners with advice on how to secure their systems

• Support in evaluating system data flows to define firewall rules

• Technically drive the implementation of OT-system security controls in our manufacturing sites (network segmentation, malware protection concepts)

Decision Making:

• Decides on best security controls and architecture within OT projects

• Decides roadmap for controls deployments in OT security in accordance with risk posture

Overall role:

• Supports the design of security protection in Industrial Control Systems environments across all Novartis divisions.

• Ensures adequate protection design and operating effectiveness

o Evaluates on an ongoing basis the potential security threats to Novartis OT

o Supports the definition and review of architectural standards and control requirements for OT

o Defines and identifies areas of exposure and potential improvement for OT security


• IT Security strategy execution in Tech-Ops ICS

• Deviation from standard controls across factories (or labs or buildings)

• # of Incidents at factories due to cyber security

Minimum Requirements

Position will be filled commensurate with experience

EDUCATION:

• Master's or Bachelor's degree in IT Engineering or Process Automation

• Professional ICS / OT security certification (e.g. GICSP), or IT security certifications (e.g. CISSP) required


• 4 years or more of in-depth experience of securing Industrial Control Systems (ICS), e.g. PLC, SCADA, DCS, Serialization solutions including:

- Experience in securing laboratory systems like chromatography, NIR, Raman and other laboratory equipment, including laboratory environmental equipment

- Solid foundation in laboratory / ICS support using IT topics that include network architectures, network protocols, industrial protocols, Active Directory, Backup processes, virtualization of applications and other general IT knowledge

- Good understanding of IT Security threat modeling, vulnerability assessments and pen-testing.

- In depth knowledge of GxP regulations and CSV, 21 CFR part 11

- Knowledge of related standards (e.g. IEC 62443, NIST 800-82)

• Fluent written & spoken English (required); additional languages (German) a plus

Personal skills:

• Able to work independently or in a team

• Able to work under pressure in time critical situations.

• Strong attention to detail in conducting analysis and forensics with an ability to accurately record full documentation to distribute recommended measures across the sites

• Excellent knowledge of project management

