Director, Information Risk & Compliance

Wood Dale, IL, USA | Leading Pharmaceutical / Biotech Company

  • Industry:
    Pharmaceutical / Biotech
  • Position Type:
  • Functions:
    General Management
    Risk Management
    Legal / Compliance
  • Experience:
    10-12 years
Job Description:
We are currently seeking a Director, Information Risk & Compliance to lead the information risk management program within the Danaher Information Security organization. This leadership role will oversee the effective identification, assessment, monitoring, and reporting of risk and the surrounding controls environment across the Danaher organization. Reporting directly to the Global CISO, this role leads a small team to bring thought leadership and analytical risk quantification together in partnering with business stakeholders to deliver effective cyber risk management practices.


Responsibilities:

  • Build and maintain a scalable, sustainable, and robust cyber risk management program, including governance, assessment, monitoring, and reporting procedures
  • Develop, measure, and maintain a security controls framework consisting of standards, measures, practices, and procedures that provides assurance of compliance with regulatory requirements (NIST CSF & 800-53, ISO 27001, PCI, CCPA, and SOX)
  • Build a robust third-party supplier risk program to quantify risk and recommend compensating controls or risk mitigation techniques that reduce inherent risk within business operations
  • Establish a Data Protection Program to drive a data-driven approach to classifying, discovering, enforcing, and maintaining company data through the data management lifecycle
  • Create and maintain security policies, procedures, and standards to govern the application and enforcement of the controls environment
  • Ensure timely and effective continuous risk monitoring, measurement, and tracking through external service providers for current and emerging threats and their impact on business objectives
  • Lead a small team of direct reports and lead, through influence, operating company personnel in managing risk to acceptable levels
  • Maintain, track, and improve KPIs and KRIs tied to effectively operating the cyber risk management program


Qualifications

  • Bachelor's degree in computer science, technology, or a related field
  • Relevant security certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK, etc.) are a plus
  • Minimum 10 years' experience in Information Security and/or IT Risk/Audit organizations
  • Leadership experience in a large, matrixed organization
  • Experience assessing the impact of administrative and technical controls on risk and translating the resulting impact for non-technical stakeholders
  • Experience rolling out risk management frameworks such as FAIR or OCTAVE in an enterprise environment
  • Experience with security control frameworks including NIST Cybersecurity Framework, SOX, SOC 2, NIST 800-53, ISO 27001, and PCI
  • Knowledge of IT General Controls and their applicability to IT SOX compliance requirements
  • Strong understanding of the terminology, concepts, IT controls, and best practices across key risk areas, including risk assessment methodologies, identity and access management, cloud/SaaS, application security, data loss prevention, networks, systems design and operations, and incident management
  • Periodic travel up to 20% of time

Important Competencies


  • Ability to learn and adapt to new requirements and priorities while driving to consistent outcomes
  • Proven ability to drive cultural change across an organization to achieve a risk-based decision-making culture
  • Demonstrated ability to analyze complex matters and produce detailed, prioritized actions to a defined conclusion
  • Demonstrated strategic thought leader, experienced in leading organizational change and applying creative problem-solving approaches to deliver intended outcomes
  • Experience managing a team of direct reports and well versed in leading through influence to achieve a common objective
  • Self-motivated, able to work independently and with a team
  • Ability to communicate complex technical concepts in a comprehensible manner to non-technical people
  • Excellent communication skills, written and verbal

