VP, Chief Information Security Office (CISO) Remote

Role Summary

Reporting to the CIO, the VP/CISO will provide strategic and tactical leadership of global information security, disaster recovery, IT risk management, computer systems validation and compliance programs for the enterprise. This role develops the Information Security strategy and roadmaps to meet regulatory, government, client, and compliance mandates using a risk-based framework. The leader will direct technology and architectural direction, drive awareness programs, and enable lean delivery while protecting and enabling the business from evolving security threats. The successful candidate will be a strong thought and people leader with excellent communication skills, able to translate complex security concepts to diverse audiences and collaborate across business stakeholders, regulatory bodies, and the Board of Directors.

Responsibilities

• Sets the vision, strategy & direction for the development & implementation of comprehensive information security, disaster recovery, IT risk management & compliance programs.
• Owns Board of Directors & Executive level communication, translating complex information security threats, risks & programs into achievable, sustainable technology solutions and roadmaps.
• Develops and delivers a tiered security dashboard for cybersecurity governance; identifies problems, measures progress, and continuously improves operations.
• Creates and leads an enterprise information security awareness program to ensure compliance and understanding of risk trade-offs.
• Translates risk tolerance and exposure into balanced investments across the organization.
• Leads the team to implement security standards, procedures & guidelines and reports security performance against metrics.
• Ensures and monitors security compliance with industry and government regulations (e.g., GDPR, HIPAA, ISO 27001, SEC).
• Builds, develops and retains cybersecurity talent; supports career development and engagement initiatives.
• Liaises with external agencies to maintain a strong security posture.
• Monitors external threat environment and advises on appropriate courses of action.
• Develops and oversees disaster recovery policies aligned with business continuity goals.
• Sets the vision and direction for incident response management and integrates with business continuity and crisis management programs.
• Provides leadership of the IT Computer Systems Validation (CSV) team.
• Mentors and develops staff to increase engagement and performance.
• Exhibits fiscal stewardship within all areas of responsibility.

Qualifications

• Required: Bachelor’s degree in IT, business, or related discipline; Master’s degree in Business Administration or related field preferred.
• Required: Minimum of 15+ years of experience in Information Security.
• Required: Minimum of 5+ years of experience as Chief Information Security Officer (CISO).
• Required: 7–10 years of experience within the pharmaceutical industry, preferably in pharmaceutical manufacturing facility operations.
• Required: Technical understanding of applications, networks, and databases; understanding of Cloud technologies (SaaS, PaaS, IaaS).
• Preferred: Defense industry experience.
• Required: Industry-recognized certifications in information security and risk management with knowledge of national and international regulatory frameworks.
• Required: Deep understanding of CSV guidelines issued by regulatory agencies including FDA and MHRA and standards such as GAMP5.
• Required: Ability to build and manage relationships at all levels and to manage cross-functional teams.
• Required: Visionary leadership with strong business acumen and knowledge of information security technologies, policies, and their application.
• Required: Excellent written and verbal communication skills.
• Required: Commitment to quality and value in deliverables; practical, no-nonsense approach to getting things done.

Education

• Bachelor’s degree in IT, business, or related discipline; Master’s degree in Business Administration or related field preferred