The Director - Operational Technology (OT) Cybersecurity will be part of the Global Cybersecurity function and play a key role in supporting the development of a global, company-wide manufacturing cyber security program. This will include defining the strategic direction of the manufacturing cybersecurity program and driving the operational deployment of industrial controls systems cybersecurity solutions across multiple Coca-Cola Company manufacturing functions (Concentrate Product Supply, Flavor Manufacturing and North America Operating Unit facilities). The role will be responsible for defining and deploying control systems architecture, tools, processes, and people into a more mature, defensible posture and improve the Coca-Cola Company's ability to detect, respond and recover from cyber threats and vulnerabilities in its manufacturing sites.
Function Related Activities/Key Responsibilities:

• Define manufacturing cyber security program objectives and scope; lead program governance activities, including oversight of program policies, metrics, and reporting.
• Lead collaboration with IT, Supply Chain, and manufacturing teams to support manufacturing cybersecurity initiatives.
• Develop and maintain Coca-Cola's Industrial Controls Systems (ICS)/Operational Technology (OT) Security Standard and Risk Assessment process. Create and maintain a library of process documents, RACIs, procedures, guidelines, etc. in support of the manufacturing cyber security program and its various workstreams.
• Ensure consistent implementation of ICS/OT cyber security standards and requirements across global Coca-Cola manufacturing sites. Monitor and measure progress in achieving optimal alignment with objectives.
• Cultivate ICS/OT acumen within cyber security professionals and cyber security acumen within manufacturing professionals.
• In collaboration with stakeholder groups, develop and oversee deployment of ICS/OT-appropriate controls including: access control, asset inventory tools, network and asset monitoring, vulnerability and patch management, risk management, local and remote vendor connectivity, procurement/3rd party & vendor management, security, awareness/training, data protection, business continuity/disaster recovery, and asset decommissioning.

Education Requirements:

• Bachelor's Degree in Appropriate Field Required (i.e., Information Systems, Computer Science, Cyber Security).
• Relevant industry certification strongly preferred - GISCP, CISA, CRISC, CISSP and/or CISM.

Related Work Experience:

• Minimum 5 years' experience in cyber security.
• Experience working with cyber security frameworks including NIST, NIST 800-53, and IEC 62443.
• Previous experience in project management, must have worked in building a program or workstream from a broader vision.
• Experience in or knowledge of industrial control systems/manufacturing engineering with focus on PLC and HMI systems.
• Experience managing people and/or teams.

Functional Skills:

• Strong ability to influence and communicate risk and urgency of security initiatives with a variety of stakeholders. Must be able to handle difficult conversations professionally, but effectively with internal and external parties.
• Mature project management and organizational skills. Ability to define and collaborate on a broad vision and refine that vision to build a program/project/initiative from the ground-up and maintain and measure success.
• Detailed oriented and well organized, ability to manage multiple initiatives while appropriately prioritizing work relative to risk and urgency.
• A firm understanding of information assurance principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), IT supply chain security/risk management policies/requirements/procedures, and IT security principles and methods, such as firewalls, demilitarized zones, and encryption and network security architecture concepts including topology, protocols, components, and principles (i.e., application of Defense-in-Depth).
• Ability to define and document how current operational technology (i.e., PLCs, HMI, etc) systems impact the security posture of the current environment, and identify and communicate the protection needs (i.e., security controls) to further mitigate security.
• Ability to work as part of a virtual global team to collaborate across geographic and organizational boundaries to deliver better business results and share best practices across a global System.