OT​/IT Cyber Security Program Manager

Job Title

OT/IT Cyber Security Program Manager

Chief Information Security Officer

Richmond, VA

The Cyber Security Program Manager will provide strong leadership for our cybersecurity program. In this role, you will lead the strategic development and delivery of enterprise-wide security initiatives, ensuring alignment with business objectives and regulatory requirements. The Program Manager will leverage the NIST Cybersecurity Framework as a guiding model, driving the implementation of security controls and processes that bolster Indivior’s security posture.

This position serves as a bridge between technical security teams and associated IT groups and leadership teams, translating complex security needs into actionable items. The role also will provide general vendor risk management involving the selection and coordination of third‑party security services and other business services. This position is crucial in helping protect Indivior’s production processes and global IT infrastructure.

• Execute a comprehensive cybersecurity strategy and roadmap for the organization, aligning security initiatives with Indivior’s business goals and compliance requirements. Provide thought leadership on emerging long‑term security investments and plans.
• NIST CSF Implementation:
  Leverage the NIST Cybersecurity Framework (CSF) to structure and continuously improve the security program. Ensure that security controls and policies address all five NIST CSF functions – Identify, Protect, Detect, Respond, Recover – delivering a balanced and resilient defense for the enterprise.
• Lead cross‑functional teams or projects and influence without direct authority. Excellent communication skills are required to distill and present technical concepts to both technical teams and executive audiences in a clear, persuasive manner. Must be effective at building partnerships across organizations and managing stakeholder expectations.
• Manage and maintain cybersecurity policies, standards, and procedures that reflect industry best practices and regulatory requirements. Drive regular review and updates on governance documents to ensure evolving threats and business changes, ensuring a “security by design” approach in all IT and business projects.
• Coordinate with cross‑functional teams (IT operations, product engineering, compliance, and business units) to implement and enforce security controls. Serve as the primary program liaison between the security team and other departments, integrating security requirements into project plans and operational processes.
• Oversee third‑party security assessments and vendor risk management activities. Work with procurement and vendor management teams to ensure external partners and service providers meet Indivior’s security standards. Address any gaps by driving remediation plans or implementing compensating controls.
• Utilize project management best practices (Agile and Waterfall) to drive security projects from inception to completion. This includes defining project scope, milestones, and success metrics; coordinating resources (internal teams and vendors); and tracking progress to ensure on‑time, on‑budget delivery of security initiatives.
• In‑depth knowledge of information security frameworks and standards – especially the NIST Cybersecurity Framework – and experience applying them in an enterprise environment. Familiarity with other relevant frameworks (ISO 27001, CIS Critical Controls) and regulatory standards (e.g., GDPR, HIPAA) is a plus.
• Provide team members in fostering a culture of continuous improvement and proactive risk management. Leverage program management skills to support team activities in delivering objectives.
• Define key performance indicators (KPIs) and risk metrics for the cybersecurity program. Monitor security program performance and risk levels and prepare regular reports and dashboards for leadership and relevant governance committees. Present program status and strategic recommendations to stakeholders, including CISO, CIO, and executive sponsors.
• While the primary focus is on program management, will work closely with incident…