Sr. Director, Global CyberSecurity
The Sr. Director, Global CyberSecurity, is responsible for BioMarin’s overall CyberSecurity personnel, processes, and technologies.
Reporting to the Senior Vice President and Chief Information Officer, Information Management, the Sr. Director, CyberSecurity, is a senior-level role that will be a key participant in the Information Management Leadership Team (IMLT), providing CyberSecurity oversight and guidance for BioMarin.
The Sr. Director, CyberSecurity, serves as the owner for all CyberSecurity activities related to the availability, integrity, and confidentiality of BioMarin’s systems and information. A key element of this role is working with executive management to determine acceptable levels of risk for the organization.
This position is responsible for establishing and maintaining a corporate-wide CyberSecurity management program to ensure that information assets are well-protected, including establishment of a risk register, tracking and communicating status of remediation activities, and reporting to Senior Executives on a recurring basis.
The successful candidate will have held a similar role as head of CyberSecurity at a comparable-sized or larger Global organization and be able to demonstrate experience leading a robust CyberSecurity program.
This role is based in BioMarin’s headquarters office in San Rafael, CA.
- Establish annual and long-range security and compliance goals, define CyberSecurity strategies, metrics, reporting mechanisms and program services.
- Develop and manage a framework for evaluating CyberSecurity’s maturity and a roadmap for continual program improvements.
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant regulatory and legal policies.
- Provide leadership for CyberSecurity incidents and act as primary control point during significant CyberSecurity incidents. Convene a CyberSecurity Incident Response Team (CIRT) as needed to address and investigate CyberSecurity incidents.
- Provide leadership for CyberSecurity-related audits and reviews within the Information Management organization, with partners in BioMarin’s Global Compliance and Ethics group, and with other business groups, as necessary to meet the needs of the organization.
- Understand and interact with business units to ensure that risk assessment and risk management processes are well understood, and that CyberSecurity policies and standards are consistently applied across all technology projects, systems, and services.
- Provide leadership to the CyberSecurity team, including management of BioMarin’s CyberSecurity Operations Center.
- Partner with business stakeholders across the company to raise awareness of CyberSecurity and risk management concerns, including management of CyberSecurity awareness training.
- Manage Vendor Risk assessment process, including recurring verification of the vendor risk profile.
- Assist with overall business technology planning, providing current knowledge of and a future vision for technology and systems.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Degree in business administration or a technology-related field required.
- Professional security management certification preferred (e.g., CISSP, CISM).
- Minimum of eight to 12 years of experience in a combination of risk management, information security, and technology management.
- Knowledge of common information security management frameworks and practices, such as ISO/IEC 27001, NIST, SOX, GDPR, and HIPAA.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management including managed services.
- Experience with Cloud computing/Elastic computing across virtualized environments and related CyberSecurity risk identification and management.