Cyber Defense Center Lead

At Hovione, we help partners turn scientific innovation into medicines that reach patients around the world. For more than 65 years, we have connected science and technology to scale complex ideas into high-quality and innovative solutions that truly make a difference.

As an international Contract Development and Manufacturing Organization (CDMO), we support the development and manufacture of drug substances, intermediates and drug products across the full life cycle. We are globally recognized for our leadership in specialized technologies such as Spray Drying and Continuous Tableting. But what truly sets us apart is not just what we do — it is how we do it: with purpose, care, collaboration and a deep commitment to doing the right things right.

Our people are the reason for our success. We are a global and diverse team of more than 2,600 team members across Europe, the USA and Asia, bringing together different experiences and perspectives to help our partners to overcome complex challenges. We believe that an inclusive environment — where everyone, regardless of background, identity or ability, is respected, heard and empowered to contribute — is essential to drive innovation, ensure quality, and secure long‑term sustainable success.

And as we grow, so do the opportunities for our people to develop, broaden their perspectives and build meaningful careers. Because at Hovione, better starts with those who choose to make a difference every day. Will you be one of them?

• Define and own the cyber defense strategy, roadmap, and operational doctrine for Hovione, aligning with client SLAs, regulatory mandates, and threat intelligence posture.
• Lead and develop a high-performing, 24×7 team of SOC analysts (L1–L3) in a hybrid approach, threat hunters, incident responders, and OT security engineers across multiple client portfolios.
• Serve as executive sponsor for security risk posture, threat landscape, and incident trends to the Director level of Cybersecurity.
• Drive continuous improvement of detection engineering, playbooks, SOAR automation, and MTTA/MTTD/MTTR metrics across all client environments.
• Lead and coordinate the CSIRT function as Incident Commander for high-severity and critical incidents, ensuring structured triage, containment, eradication, and recovery
• Design and maintain CSIRT operating procedures, escalation matrices, tabletop exercise programs, and post-incident review (PIR) frameworks.
• Manage stakeholder communications during active incidents — internal, client-facing, and regulatory — including breach notification obligations under GDPR, NIS2, and sector-specific frameworks.
• Interface with national CERTs, law enforcement, ISACs, and sector-specific bodies during major incidents and threat campaigns.
• Build and test Business Continuity and Disaster Recovery (BCDR) plans integrated with CSIRT response capabilities.
• Oversee OT/ICS security monitoring using Purdue Model-aware segmentation strategies and purpose-built tooling, ensuring zero disruption to operational continuity.
• Bridge IT/OT convergence gaps — establish policies, detection logic, and response protocols specifically tuned for industrial environments (SCADA, DCS, PLCs, HMIs).
• Conduct and coordinate the deployment, integration and initial configuration of new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically
• Manage and operate Hovione’s internal SIEM platform and oversee all integrations and correlations
• Respond to all security events, alerts and incidents according to internal guidelines and procedures
• Act as the main security incident commander and coordinate cyber incident war rooms, cyber crisis war rooms and manage all necessary stakeholders
• Lead investigations of complex security incidents and coordinate remediation efforts
• Create and manage playbooks and runbooks for efficient security response and threat management
• Create and lead threat hunting exercises across the entire threat landscape for Hovione

• University, or equivalent, qualification in Information Technology or similar scientific field (mandatory)
• 8+ years in cybersecurity, with minimum 5 years in a leadership role within a SOC, CSIRT, or MSSP/CDMO environment
• Proven experience as Incident Commander on major cyber incidents (ransomware, nation-state APT, supply chain attacks)
• Hands-on expertise with CrowdStrike Falcon platform at an architectural and operational level
• Deep familiarity with MITRE ATT&CK (Enterprise + ICS) and threat intelligence operationalization
• Solid grounding in OT/ICS security concepts, monitoring strategies, and incident handling within critical infrastructure environments

Hovione is a proud Equal Opportunity Employer

Inclusion and diversity are key to us. We are committed to creating an inclusive recruitment experience and welcome applications from all qualified candidates. If you require any reasonable accommodation or support during the application or interview process, please contact us, and we will be happy to assist.

Notice to Agencies and Search Firms Representatives
Hovione does not accept unsolicited résumes from agencies or search firms for this job posting. Any resumes submitted to Hovione by a third-party agency or search firm without a valid written and signed search agreement will become the sole property of Hovione. No fees will be paid if a candidate is hired for this position as a result of an unsolicited referral. Thank you for your understanding.