Lead Security, Risk, and Compliance Specialist

About The Position

Requirements

• Bachelor’s Degree in cybersecurity, computer science, or related field
• 8+ years of progressive experience in cybersecurity, including leadership roles in biotechnology/pharmaceutical organizations
• CISSP Certified Information Systems Security Professional
• Progressive experience in cybersecurity, including leadership roles in biotechnology/pharmaceutical organizations
• Experience securing OT/ICS environments and manufacturing systems
• Proven ability to lead teams, manage crises, and influence senior leaders and executives
• Ability to operate effectively in a high throughput, demanding, environment
• Familiarity with GxP (GMP, GCP, GLP) regulated systems and environments
• Ability to translate cybersecurity risk into business and scientific impact
• Experience supporting lab environments, OT/ICS, or manufacturing systems
• Strong background in program management, governance, and risk management
• Ability to manage cross-functional initiatives across IT, R&D, and Quality
• Build strong partnerships with all other business units
• Strong cross-functional coordination, the ability to communicate and escalate risk effectively, and the capacity to influence outcomes without direct authority.

Nice To Haves

• CISM - Certified Information Security Manager
• Strong knowledge of NIST, COSO, and other relevant frameworks

Responsibilities

• Support senior management in developing and executing the global cybersecurity strategy aligned to business, compliance, and manufacturing priorities
• Serve as the operational lead for enterprise security governance, risk management, and compliance programs across multiple regions and regulatory environments
• Drive adoption of security frameworks such as NIST CSF, NIST AI RMF, 21 CFR Part 11 and other industry specific requirements in alignment with organizational culture and risk appetite
• Partner with senior management to oversee outsourced MDR Security Operations Center (SOC), threat intelligence, incident response, investigations, security architecture and maintain cybersecurity regulatory/legal requirements
• Oversee development of advanced defense capabilities including zero trust architecture, identity security, and endpoint/OT protection
• Ensure successful delivery of security programs such as Identity and Access Management, Vulnerability Management and Cloud Security
• Partner with senior management to manage delivery of the IT Risk Management program. Direct IT risk assessments, manage IT risk register, supplier security evaluations, penetration testing and assist with audits across operations
• Partner with Legal, Privacy, Compliance, Information Technology, other key stake holders to ensure adherence to IT security and regulatory requirements
• Ensure AI risks are incorporated into the IT risk management program and are managed in accordance with the organization’s risk appetite and culture
• Collaborate with OT and other key business leaders to embed security into product design, avionics systems, and industrial control systems
• Operationalize security programs for manufacturing, research and development, IoT and other life sciences technologies
• Ensure secure integration of IT/OT systems, ensure required availability and protection of proprietary intellectual property
• Mentor and develop technical teams
• All other duties as required

Benefits

• medical / dental / vision / prescription coverage
• employee wellness resources
• savings plans (401k and ESPP)
• paid time off & paid parental leave benefits
• disability benefits