Senior Director, Global Data Protection & AI Security

About The Position

Requirements

• Hands-on experience auditing AI/ML systems
• Leads data protection-by-design across AI and agentic AI systems — covering model training data governance, input/output monitoring, data residency enforcement, and access controls in multi-agent environments.
• Experience in pharmaceutical, biotechnology, or life sciences environments with direct exposure to GxP data integrity requirements, clinical trial data protection, or manufacturing IP security.
• Familiarity with Databricks Unity Catalog, Snowflake, or AWS data lake security architectures as they relate to DSPM and access governance.
• Experience operating or advising on AI data security considerations, including LLM training data governance, model output handling, and AI-specific insider risk vectors.
• Working knowledge of data catalog and metadata governance platforms (Collibra, Privacera) and their role in enforcing data protection policies.
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Management, or a related field required.
• 15+ years of progressive experience in information security or data protection, with demonstrated depth in DSPM, DLP, and insider risk disciplines.
• 5+ years in a leadership role with responsibility for a recognized security or data protection function, including people management at the Director or Senior Manager level.
• 3+ years of hands-on experience with enterprise DSPM or DLP platforms in a complex, multi-cloud environment.
• Demonstrated experience leading cross-functional programs involving HR, Legal, Privacy, and Security stakeholders.

Nice To Haves

• An advanced degree (MS, MBA, or equivalent) is preferred.
• Relevant certifications: CISSP, CIPP/E, CIPP/US, CDPSE, CIPM, CISM, or equivalent.

Responsibilities

• Determine organizational structures and allocate subordinate management responsibilities across the Global Data Protection function, including DS Consulting, Auto-Classification, Application and API Data Protection, Trusted Share/Data Mover, and DLP Monitoring sub-functions.
• Develop and execute a multi-year data protection strategy aligned to Regeneron’s business strategies and the company’s goals, including a phased roadmap for DSPM coverage expansion, DLP maturity, and insider risk program buildout.
• Serve as a member of, or key advisor to, the Enterprise Data & AI governance council on matters of data protection, privacy security, and AI data risk.
• Develop objectives for the function and monitor performance against goals across all sub-functions, ensuring schedules and performance requirements are met.
• Own the enterprise Data Security Posture Management (DSPM) strategy and program, overseeing the discovery, classification, and risk assessment of Regeneron’s 112+ PB data estate across on-premises, cloud (AWS, Snowflake, Databricks/Unity Catalog), and SaaS environments.
• Direct the phased expansion of Varonis coverage from current M365/O365 scope to Isilon NAS, cloud/IaaS, and additional SaaS platforms in alignment with the Secure Enterprise Data Fabric program roadmap.
• Provide strategy and direction for the full lifecycle of data protection controls spanning data in motion, data at rest, and data in use, across endpoint, cloud, email, and network channels.
• Oversee the development, deployment, and continuous tuning of DLP policies leveraging Microsoft Purview, Zscaler, Varonis, and complementary CASB/SASE capabilities.
• Own the enterprise Insider Risk program strategy, establishing a cross-functional program structure that integrates Human Resources, Legal, Corporate Security, and Security Operations capabilities under a unified operating model.
• Develop and mature the behavioral analytics and detection capability for intentional and accidental data misuse, leveraging Splunk UBA and DLP telemetry to identify anomalous data access, movement, and exfiltration patterns.
• Establish case management, investigation, and escalation protocols for insider risk incidents, ensuring appropriate coordination with HR, Legal, and Corporate Security while preserving investigative integrity and chain of custody.
• Interact regularly with senior management across functional areas to align data protection priorities with business strategies, including IOPS, Research, Commercial, and GCC India leadership.
• Develop and maintain audit-ready documentation, operational metrics, and program reporting for the CISO, Audit Committee, and external regulators.
• Engage external partners, managed security service providers, and industry peers to benchmark program maturity and import current-state threat intelligence relevant to pharmaceutical data protection.

Benefits

• health and wellness programs (including medical, dental, vision, life, and disability insurance)
• fitness centers
• 401(k) company match
• family support benefits
• equity awards
• annual bonuses
• paid time off
• paid leaves (e.g., military and parental leave)