Responsibilities:
- Lead and evolve the enterprise Governance, Risk & Compliance (GRC) program.
- Define and execute a multi-year cyber risk and compliance maturity roadmap aligned to NIST CSF v2.0, ERM, regulatory requirements, and business priorities.
- Own the cyber risk management lifecycle (identify, assess, prioritize, treat) and deliver executive-level reporting.
- Establish and maintain security governance frameworks, policies, standards, and exception management.
- Provide cybersecurity governance for GxP-regulated systems (data integrity, validation expectations, IT SDLC practices, and quality requirements).
- Ensure security policies/standards account for validated system constraints, change control, and inspection readiness.
- Oversee compliance for HIPAA, SOX, FDA-adjacent biotech regulations, CSV, privacy, and emerging regulations (e.g., NIS2).
- Lead audits/inspections/assurance; manage findings, remediation plans, and executive reporting.
- Own and mature third-party risk management (TPRM).
- Embed cybersecurity risk into system lifecycle and validation activities.
- Define and track risk-based metrics/KRIs focused on outcomes, maturity, and remediation effectiveness.
- Build and lead a high-performing GRC organization and deliver executive/board reporting.
Qualifications:
- Bachelor's degree in a relevant field; MBA/Master's/JD preferred.
- 15+ years progressive cybersecurity, risk, compliance, or audit experience.
- 10+ years leadership building/leading GRC, risk, or compliance teams.
- Deep knowledge of NIST CSF, NIST 800-53, ISO 27001, and ERM frameworks.
- Experience in regulated environments (biotech/pharma/healthcare/life sciences).
- Ability to communicate complex risk to executives/board.
- CISSP/CISM/CRISC/CISA strongly preferred.
U.S. Pay Range: $229,500.00–$310,500.00. Eligible for annual short-term incentive and annual long-term incentive.
Benefits: medical/dental/vision, life/disability, lifestyle reimbursement, flexible spending/HSAs, 401(k) match, paid time off, wellness days, holidays, recharge breaks, and family resources/leave.