Key skills
AWSAzureCloudCyber SecurityFirewallsGoogle Cloud
About this role
Role Overview
- Define and maintain global network architecture standards for enterprise, industrial, cloud, and site environments across global sites
- Assume full ownership and design authority for global network architecture
- Support Bachem’s digital strategy, in particular digital manufacturing and Pharma 4.0 concepts, and provide technical governance for managed service providers, telecom carriers, automation vendors, and OT system integrators
- Own a multi-year IT/OT network strategy and roadmap, including modernization, standardization, technical debt reduction, and end-of-life planning
- Design secure and resilient OT network architectures for shop-floor and production environments, including IT/OT segmentation using zones, conduits, DMZs, firewalls, VLANs, access controls, and controlled data flows
- Ensure local network designs align with global standards and site-specific operational needs by supporting design reviews, commissioning, cutovers, migrations, acceptance testing, and post-implementation validation
- Ensure network architecture supports cybersecurity, risk, and GxP compliance requirements across IT and OT by aligning with internal policies and relevant standards such as IEC 62443, ISO 27001, NIST OT security guidance, and ITIL practices
- Maintain architecture documentation, including standards, reference architectures, site blueprints, segmentation models, design templates, decision records, exceptions, and risk acceptance documentation
- Ensure designs are operationally supportable by IT, OT, site, and managed service teams, and define operational runbooks, support models, escalation paths, and disaster recovery requirements
Requirements
- Extensive experience in network architecture, infrastructure architecture, or senior network engineering in global or multi-site enterprise environments, ensuring GxP compliance
- Practical experience with OT or industrial networks designing IT/OT segmentation and secure connectivity patterns in manufacturing, pharmaceuticals, or similar environments
- Experience with architecture governance, technical standards, design documentation (HLD, LLD, standards, reference architectures, diagrams, decision records, and risk documentation)
- CCNP, CCIE, or equivalent enterprise networking certification
- CISSP, CISM, CRISC, or equivalent security certification in addition to IEC 62443
- ITIL Foundation or higher, TOGAF or equivalent architecture certification
- Cloud networking certification for Azure, AWS, or Google Cloud
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Firewalls
Benefits
- Flexible working hours with home office days and an option for obtaining additional vacation days through workload reduction
- Company‑run daycare center on the Bachem Campus in Bubendorf
- 60% coverage of pension fund contributions by Bachem AG as well as option for extra-mandatory pension provision with our Pension Plan Plus
- Access to benefits platforms with discounts from external partners
- Fresh, healthy and varied food in our staff restaurant
- A wide range of free sports activities on the Bachem Campus