Sr. Director – Business Security, Risk & Compliance (SRC) Lead

Gilead Sciences
Remote friendly (San Francisco Bay Area)
United States
$243,100 - $314,600 USD yearly
IT

Role Summary

Reporting to the Chief Information Security Officer (CISO), the Sr. Director, Business Security, Risk & Compliance (SRC) Lead serves as the strategic security partner for Gilead’s global business functions. This leader drives digital and AI-aligned security strategy, guides secure technology adoption, and ensures risk-informed decision making across the enterprise. This is a site-based role located at our headquarters in Foster City, CA with a hybrid schedule of 2 days optional work from home and 3 days onsite. The role leads a global team of six security professionals responsible for developing, implementing, and supporting Gilead’s information security, risk and compliance capabilities.

Responsibilities

Strategic Leadership & Digital Security Architecture

  • Lead the development and execution of Gilead’s digital and AI-aligned security strategy.
  • Ensure cyber, AI, and information security risks are identified, assessed, communicated, and effectively managed; escalate material concerns as needed.
  • Translate business, digital, and technology strategies into secure architectural designs and roadmaps.
  • Drive system architecture decisions that balance functionality, service quality, performance, and security.

Business Partnership & Digital Enablement

  • Serve as the primary security advisor to global business functions, collaborating to evaluate emerging digital and AI initiatives.
  • Partner with IT Business Engagement teams to understand business priorities, requirements, and technology roadmaps.
  • Influence technology choices to ensure alignment with security standards and regulatory expectations.

Technology Strategy, Innovation & Solution Development

  • Evaluate and recommend emerging security technologies, tools, and platforms to enhance Gilead’s digital security posture.
  • Lead the definition and evolution of security frameworks, standards, and reference architecture.
  • Drive continuous improvement of security processes, systems, and delivery capabilities.
  • Oversee the design and development of new digital security solutions and enhancements to existing capabilities.

Risk Management, Compliance & Controls

  • Ensure digital solutions meet regulatory, risk, and compliance requirements across regions (including EU and APAC).
  • Partner with Security Architecture & Governance and IT Risk & Compliance teams to define effective control requirements and operational implementation.
  • Conduct and oversee security assessments, penetration testing, vulnerability analysis, and remediation efforts.

Operational Leadership & Incident Response

  • Guide the deployment and optimization of security technologies including SIEM, IDS/IPS, SecOps tools, endpoint and network security, and firewalls.
  • In the event of a cyber incident, lead a coordinated response with SOC, IT teams, and business partners to contain impact and support recovery.

Metrics, Reporting & Communication

  • Develop and track key performance indicators that measure the effectiveness of security controls and digital risk posture.
  • Create compelling executive presentations that articulate strategy, risks, solution architectures, and roadmaps to senior leaders and stakeholders.

Team Leadership & Talent Development

  • Lead and develop a high-performing, globally distributed Security, Risk & Compliance team.
  • Foster an inclusive, collaborative, and innovative team culture aligned with Gilead’s core values.
  • Identify, attract, and retain top security talent, including management of external partners, vendors, and academic collaborators.

Qualifications

  • Required: 10+ years of experience in IT, enterprise applications, or business technology functions.
  • Required: 4–5+ years of experience in cybersecurity, privacy, or risk management leadership roles.
  • Preferred: Industry certifications such as CISSP or equivalent.
  • Preferred: Experience in both established enterprises and high-growth environments.

Education

  • Bachelor’s degree in Computer Science, Information Systems, Business, or related field; advanced degree preferred.

Skills

  • Strategic Thinking & Business Vision
  • Innovation & Continuous Improvement
  • Global Mindset
  • Stakeholder Management
  • Agility, Adaptability & Tolerance for Ambiguity
  • Influence, Persistence & Accountability
  • Team Leadership & Talent Development