Cyber Resiliency Manager
Bristol-Myers Squibb (BMS) · Bothell - WA - US
Job description
Working with Us Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible. Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us. The Cyber Resiliency Manager for the manufacturing site is responsible for protecting and strengthening the resilience of site-specific IT and OT systems that support pharmaceutical production. This role ensures that the site can anticipate, withstand, respond to, and recover quickly from cyber incidents without compromising product quality, patient safety, or regulatory compliance. The manager acts as the site focal point for cyber risk management, incident response, and recovery planning, working closely with both site IT leadership and cybersecurity functions. This role is critical to ensuring uninterrupted pharmaceutical production and protecting patient safety in an increasingly complex threat environment. Major Responsibilities and Accountabilities: Cyber Risk Resiliency Strategy & Governance Develop and execute a site-level cyber resiliency program, aligned with BMS policies and standards. Identify and assess cyber risks across IT, OT, automation, and manufacturing execution systems (MES, SCADA, PLCs, Laboratory Instruments). Define and validate site-specific recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical digital systems. Maintain and report site cyber resiliency KPIs and KRIs to site leadership and the enterprise cybersecurity function on a regular cadence. Align with the Site General Manager, Quality, and EHS functions on resiliency priorities and risk tolerance. Incident Response & Recovery Lead or co-lead the site cyber incident response process, coordinating with the CFC, IT, and OT teams. Oversee and test disaster recovery (DR) and backup strategies for site systems (e.g., MES, LIMS, ERP, automation). Support cyber crisis simulations, ransomware drills, and tabletop exercises with site leadership and operators. Ensure lessons learned from incidents are embedded into site resiliency practices. Operational Technology (OT) & Manufacturing Systems Resilience Partner with Engineering and Automation to secure ICS/OT environments, including patching, network segmentation, and secure remote access. Ensure redundancy and contingency measures for critical control systems and data flows. Collaborate with vendors and system integrators to strengthen the resilience of third-party technology supporting production. Compliance & Regulatory Readiness Ensure cybersecurity controls comply with GxP requirements and 21 CFR Part 11 as applicable to digital manufacturing systems. Support FDA, EMA, and other regulatory audit readiness, providing evidence of cyber resiliency controls and incident response capability. Collaborate with Quality and Validation teams on computer system validation (CSV/CSA) activities that intersect with cybersecurity. Maintain documentation and records to support regulatory inspections and internal audits. Awareness & Training Deliver cyber resiliency awareness training for site employees, with tailored sessions for operators, engineers, and leadership. Act as the resilience advocate at the site, embedding cyber recovery readiness into daily operations. Qualifications Minimum Requirements Minimum education of a bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related field is required. Minimum of five (5) years of experience in cybersecurity, OT security, or cyber resiliency, with at least three (3) years in a manufacturing or critical infrastructure setting is required. Strong understanding of OT/ICS environments, pharmaceutical manufacturing systems, and automation technologies. Demonstrated experience operating within a GxP-regulated environment (required). Familiarity with regulatory frameworks and expectations for cybersecurity in pharma (FDA, EMA). Familiarity with NIST CSF, IEC 62443 frameworks. Understanding of the Purdue Model or ISA/IEC OT network architecture. Hands-on experience with pharma manufacturing systems such as MES, LIMS, and ERP platforms (e.g., SAP). Strong stakeholder management and communication skills; ability to influence site leadership and cross-functional teams without direct authority. Experience developing and presenting risk reports, KPIs, and executive summaries. Preferred Qualifications GICSP (Global Industrial Cyber Security Professional) – highly relevant to OT/ICS context CISSP, CISM, or CRISC ISA/IEC 62443 certifications or ICS-CERT training #LI-Hybrid If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career. Compensation Overview: Bothell - WA - US: $125,480 - $152,049 The starting compensation range(s) for this role are listed above for a full-time employee (FTE) basis. Additional incentive cash and stock opportunities (based on eligibility) may be available. The starting pay rate takes into account characteristics of the job, such as required skills, where the job is performed, the employee’s work schedule, job-related knowledge, and experience. Final, individual compensation will be decided based on demonstrated experience. Eligibility for specific benefits listed on our careers site may vary based on the job and location. For more on benefits, please visit https://careers.bms.com/life-at-bms/. Benefit offerings are subject to the terms and conditions of the applicable plans in effect at the time and may require enrollment. Our benefits include: Health Coverage: Medical, pharmacy, dental, and vision care. Wellbeing Support: Programs such as BMS Well-Being Account, BMS Living Life Better, and Employee Assistance Programs (EAP). Financial Well-being and Protection: 401(k) plan, short- and long-term disability, life insurance, accident insurance, supplemental health insurance, business travel protection, personal liability protection, identity theft benefit, legal support, and survivor support. Work-life benefits include: Paid Time Off US Exempt Employees: flexible time off (unlimited, with manager approval, 11 paid national holidays (not applicable to employees in Phoenix, AZ, Puerto Rico or Rayzebio employees) Phoenix, AZ, Puerto Rico and Rayzebio Exempt, Non-Exempt, Hourly Employees: 160 hours annual paid vacation for new hires with manager approval, 11 national holidays, and 3 optional holidays Based on eligibility*, additional time off for employees may include unlimited paid sick time, up to 2 paid volunteer days per year, summer hours flexibility, leaves of absence for medical, personal, parental, caregiver, bereavement, and military needs and an annual Global Shutdown between Christmas and New Years Day. All global employees full and part-time who are actively employed at and paid directly by BMS at the end of the calendar year are eligible to take advantage of the Global Shutdown. *Eligibility Disclosure: The summer hours program is for United States (U.S.) office-based employees due to the unique nature of their work. Summer hours are generally not available for field sales and manufacturing operations and may also be li
Verified and listed by ActiveJobs. Applications are made directly on Bristol-Myers Squibb (BMS)'s own career page — we never sit in the middle.