Haleon

Principal OT Security Architect (ZScaler)

Haleon, Phila, Pennsylvania, United States


Hello. We’re Haleon. A new world-leading consumer health company. Shaped by all who join us. Together, we’re improving everyday health for billions of people. By growing and innovating our global portfolio of category-leading brands – including Sensodyne, Advil, Voltaren, Theraflu, and Centrum – through a unique combination of deep human understanding and trusted science. Care to join us. It isn’t a question.

We are seeking a highly experienced and motivated Principal OT Security Architect to join our team in deploying and operating our zero-trust network architecture, with a specific focus on Zscaler solutions. The ideal candidate will have extensive experience managing Zscaler Zero Trust solutions, such as Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler Digital Experience (ZDX), in large enterprise environments with over 20,000 employees.

This critical role in the Digital and Tech Information Security organization will support our OT Manufacturing sites to ensure the highest level of service availability and enhance network security in alignment with business demands. The Principal OT Security Architect will assess, improve, and maintain the cybersecurity posture of the global manufacturing Operations Technology (OT) environment, including Industrial Control Systems (ICS) and Factory Automation systems.

Key Responsibilities

Architectural Leadership: Contribute to all aspects of architectural activities for the technology domain, managing the development of solution architectures specifically for Zscaler implementations within projects or programs.

Standards Definition: Define the standards and direction of architecture in the Zscaler environment, including logical design and information management strategies for secure data management.

Zscaler Architecture Patterns: Create architecture patterns that optimize the use of Zscaler solutions (ZIA, ZPA, ZDX, ZCC) to support holistic solution architecture design across the organization.

Strategic Deployment of Zscaler Solutions: Lead the strategic planning, deployment, and advanced configuration of Zscaler zero trust solutions (ZIA, ZPA, ZDX, ZCC) to meet complex security and operational requirements. Act as a Zscaler technical SME and as Level 4 operational support.

Governance Framework: Define, build, and evolve the Architecture Governance Framework (e.g., architecture methods, practices, and standards) specifically for Zscaler and its integration with IT/IOT/OT.

Security Controls Implementation: Define, design, apply, and support security controls for OT systems using Zscaler technologies. Work within a team of domain specialists to develop architectural security standards for Zscaler solutions in OT environments.

Roadmap Development: Analyze, design, and develop roadmaps and implementation plans focused on current vs. future states of Zscaler deployments.

Compliance Monitoring: Develop and implement measures, tools, and technology to monitor compliance with security policies, laws, and regulations, specifically in the context of Zscaler.

Cross-Functional Collaboration: Manage relationships with engineering teams and collaborate across the organization to maintain high network security levels, ensuring seamless integration of Zscaler solutions.

Network Traffic Analysis: Explore raw network traffic and perform in-depth data analysis related to Zscaler's performance and security.

Data Queries and Reporting: Create effective data queries, relevant dashboards, and reports focusing on Zscaler metrics for key stakeholders.

Operational Leadership: Provide senior-level operational leadership and support for the zero-trust architecture, including proactive monitoring, advanced troubleshooting, and maintenance to ensure optimal performance.

Advanced Policy Management: Develop, implement, and manage sophisticated security policies and access controls within the Zscaler environment, aligning with organizational security objectives.

Incident Response: Lead the response to high-severity security incidents and alerts related to the Zscaler environment, conducting thorough root cause analysis and implementing robust corrective actions.

Performance Optimization: Continuously monitor and analyze Zscaler system performance, identifying and implementing enhancements to optimize user experience and system efficiency.

Comprehensive Documentation and Reporting: Maintain comprehensive documentation of Zscaler configurations, processes, and procedures, generating detailed reports on system performance, security incidents, and compliance for executive review.

Emerging Technologies: Recognize the value of emerging technologies and practices within Zscaler to enhance cybersecurity capabilities in manufacturing and lab environments.

Testing and Validation: Perform testing against ICS/OT devices and networks to validate the effectiveness of Zscaler security controls.

Leadership and Mentoring: Provide leadership, technology guidance, and mentorship to stakeholders and teams, fostering a positive culture and working environment focused on Zscaler's implementation and use.

Why you?

Basic Qualifications:

Bachelor’s degree in Computer Engineering, Computer Science, Information Technology, Electrical Engineering, Network Engineering, or a related technical field.

Minimum of 5 years of experience in IT and Operational Technology security.

Minimum of 3 years of experience in network operations and security, with a focus on zero trust architectures and Zscaler solutions in large enterprise environments (preferably over 20,000 employees).

Deep expertise in Zscaler Zero Trust Exchange components, including ZIA, ZPA, ZDX, and ZCC.

Strong knowledge of advanced network protocols, security principles, access control models, and industrial control system cybersecurity frameworks (e.g., IEC 62443, NIST CSF).

Sound knowledge of Industrial Control Systems (ICS) environments, including design, protocols, and integration (OT 4.0 experience).

Experience working with firewalls, next-gen firewalls, and network security.

Ability to present technical design proposals and reports to internal customers and/or other senior engineering, management, and government groups in clear, complete, concise, and non-ambiguous terms.

Solid foundation in network architectures, network protocols, industrial protocols, Active Directory, backup processes, virtualization of applications, and other general IT knowledge.

Familiarity with tools for incident investigations, simulations, and forensics.

Open-minded, flexible, and able to thrive in a highly dynamic, ever-changing environment.

Exceptional problem-solving and analytical skills.

Strong written and verbal communication skills with the ability to present complex technical information clearly and concisely.

Ability to lead projects independently while collaborating effectively within teams.

Detail-oriented with strong organizational skills, capable of managing multiple priorities in a fast-paced environment.

Preferred Qualifications:

Proficiency in scripting and automation for network operations (e.g., Python, PowerShell) is a plus.

Relevant certifications such as CISSP, GICSP, CISM, or Zscaler Digital Transformation Professional (ZDTP) are highly desirable. Additional certifications like CCIE or CCNP are a plus.

Location:

This exciting opportunity offers a flexible hybrid work arrangement, allowing you to contribute from our Warren, NJ office as needed, or remotely from the EST or CST time zones.

Haleon offers a robust Total Reward package that consists of competitive pay and a comprehensive benefits program. This includes a generous 401(k) plan, tuition reimbursement and time off programs including 6 months paid parental leave. On day one, you are eligible for benefits, including our healthcare programs where the company pays for the majority of your medical coverage for you and your family. We also offer the opportunity to receive a discretionary bonus based on the achievement of key business performance and other incentive/recognition programs as part of the offering. The salary range for this role is: $135,868 to $170,000 plus an 18% bonus.


Haleon is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

If you require a reasonable accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please contact us by sending an email to HR.AmericasSC-CS@haleon.com.
