Manager, GRC, Awareness and Application Security


Job Location: Princeton, NJ - USA

Monthly Salary: $135000 - 160000
Posted on: 23-10-2025
Vacancies: 1 Vacancy

Job Summary

Kyowa Kirin is a fast-growing global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines in four disease areas: bone and mineral; intractable hematologic; hematology oncology; and rare disease. A Japan-based company, our goal is to translate science into smiles by delivering therapies where no adequate treatments currently exist, working from drug discovery to product development. In North America we are headquartered in Princeton, NJ, with offices in California, North Carolina and Mississauga, Ontario.

Summary:

We are seeking a forward-thinking Manager, GRC, Awareness & Application Security to join our Global Information Security team. This role leads a unified function that embeds risk management, policy governance and application security into daily business and development activities, while cultivating a strong security-aware culture across the enterprise. The ideal candidate combines deep technical acumen with strong communication and program management capabilities to bridge governance, culture and technical execution.

Essential Functions:

  • Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite and reporting standards.
  • Develop, implement and maintain security policies and standards, integrating them into GRC tooling, development workflows and operational processes.
  • Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization.
  • Partner with application teams to embed secure-by-design principles, threat modeling and DevSecOps practices into SDLC and CI/CD pipelines.
  • Oversee third-party risk management activities, including security due diligence, vendor assessments and remediation tracking, in collaboration with Legal, Procurement and IT teams.
  • Advance application security maturity by implementing tools such as SAST, DAST and/or SCA and ensuring remediation processes are embedded within engineering teams.
  • Develop and maintain dashboards and key risk indicators (KRIs) to measure:
    o Organizational risk posture and control coverage.
    o Effectiveness of awareness programs (click rates, behavioral metrics, completion trends).
    o Application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity).
  • Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context.
  • Support internal and external audits, regulatory assessments and compliance readiness activities across GxP, HIPAA and data protection frameworks.
  • Collaborate closely with global peers to harmonize governance, risk and application security practices across all regions.

Requirements:

Education
Bachelor's degree in Information Security, Computer Science, Business or a related field required; Master's degree preferred.

Certifications
Required: CISSP, CRISC or equivalent; Preferred: CISM, CSSLP or other AppSec/GRC certifications.

Experience:
At least 7 years of progressive experience in cybersecurity, with hands-on expertise in the following domains: GRC, security awareness, application security; Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare or manufacturing); Strong understanding of software development lifecycles, secure coding and DevSecOps integration; Experience managing vendor and third-party risk, including contract and assessment processes; Familiarity with frameworks such as NIST CSF, ISO 27001 and FDA/GxP compliance requirements.

Technical Skills
  • Strong proficiency in Governance, Risk and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows.
  • Expertise in Application Security practices, including secure SDLC, DevSecOps integration and tools such as SAST, DAST and SCA.
  • Experience developing and executing security awareness and behavior-based education programs using data-driven metrics and analytics.
  • Knowledge of third-party and vendor risk management processes, including assessments, contract reviews and remediation tracking.
  • Familiarity with regulatory and compliance requirements such as HIPAA, GxP and 21 CFR Part 11, and with audit and readiness activities in regulated industries.
  • Proficiency in cloud and identity security fundamentals (AWS, Azure, GCP; IAM and Zero Trust concepts).

Working Conditions:

Requires up to 10% domestic and international travel.

The anticipated salary for this position will be $135000 to $160000. The actual salary offered for this role at commencement of employment may vary based on several factors, including but not limited to relevant experience, skill set, qualifications, education (including applicable licenses and certifications), job-based knowledge, location and other business and organizational needs.

The listed salary is just one component of the overall compensation package. At Kyowa Kirin North America we provide a comprehensive range of benefits including:

  • 401K with company match
  • Discretionary Profit Share
  • Annual Bonus Program (Sales Bonus for Sales Jobs)
  • Generous PTO and Holiday Schedule, which includes Summer and Winter Shut-Downs, Sick Days and Volunteer Days
  • Healthcare Benefits (Medical, Dental, Prescription Drugs and Vision)
  • HSA & FSA Programs
  • Well-Being and Work/Life Programs
  • Life & Disability Insurance
  • Concierge Services
  • Long Term Incentive Program (subject to job level and performance)
  • Pet Insurance
  • Tuition Assistance
  • Employee Referral Awards

The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.

KKNA and all of its employees have an obligation to act in accordance with the law and with integrity in all our operations and interactions.

It is the policy of Kyowa Kirin North America Inc. to provide equal employment opportunity to all qualified persons without regard to race, religion, creed, color, pregnancy, sex, age, national origin, disability, genetic trait or predisposition, veteran status, marital status, sexual orientation or affection preference, or citizenship status, or any other category protected by law.

When you apply to a job on this site, the personal data contained in your application will be collected and stored by Kyowa Kirin Inc. (Controller), which is located at 510 Carnegie Center Dr., Princeton, NJ 08540, USA and can be contacted by emailing . Controller's data protection officer can be contacted at . Your personal data will be processed for the purposes of managing Controller's recruitment-related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of the General Data Protection Regulation (EU) 2016/679 (GDPR) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller's behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. The transfer will be made using appropriate additional safeguards under the standard contractual clauses approved by regulators for transfers of personal data outside the European Union.

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, if you are located in the European Union, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have the right to data portability and to lodge a complaint with an EU supervisory authority. If you have any questions about our use of your data, you may contact us by email at .

Recruitment & Staffing Agencies

Kyowa Kirin does not accept agency resumes unless contacted directly by internal Kyowa Kirin Talent Acquisition. Please do not forward resumes to Kyowa Kirin employees or any other company location; Kyowa Kirin is not responsible for any fees related to unsolicited resumes.

#LI-TT1 #Hybrid #Princeton


Required Experience:

Manager


Key Skills

  • Compliance Management
  • Administrative Functions
  • Oversight
  • Security Requirements
  • Administrative Activities
  • Administrative Tasks
  • Office Procedures
  • Security Systems
  • Law Enforcement
  • Access Control
  • Security Procedures
  • Document Control
  • Security Issues
  • Administrative Management
  • Administrative Operations

About Company


The Kyowa Kirin Group is a Japanese pharma group that develops innovative specialty drugs, to raise the health and well-being of people around the world. Its flagship business Kyowa Kirin Co., Ltd. creates antibody-based drugs for cancer, kidney disease, and immune system diseases.
