Sr. Director – Business Security, Risk & Compliance (SRC) Lead

Overview

Gilead Sciences is aresearchdrivenbiopharmaceutical company committed to delivering lifesaving therapies to patients worldwide. Our teams work collaboratively to advance scientific innovation accelerate access and improve health outcomes across major therapeutic areas including HIV/AIDS liver diseases oncology inflammation respiratory disease and cardiovascular conditions.

As part of Gileads global technology and security organization theSr. Director Business Security Risk & Compliance (SRC) Leadplays a critical role in shaping and securing the digital future of the enterprise.

This is a site based role located at our headquarters in Foster City CA. Remote work is not available for this particular position. We do offer a hybrid schedule of 2 days optional work from home/3 days onsite.

Role Summary

Reporting to the Chief Information Security Officer (CISO) the Sr. Director Business Security Risk & Compliance (SRC) Lead serves as the strategic security partner for Gileads global business functions. This leader drives digital and AIaligned security strategy guides secure technology adoption and ensuresrisk informeddecisionmakingacross the enterprise.

The role collaborates closely withInformation Security Risk & Compliance leadersIT Business Engagement Enterprise Security Architecture Infrastructure Engineering Application Development teams and business stakeholders across all regions. It also provides leadership and oversight for a global team of six security professionals responsible for developing implementing and supporting Gileads information securityriskand compliancecapabilities.

Core Responsibilities

Strategic Leadership & Digital Security Architecture

• Lead the development and execution of Gileads digital andAI alignedsecurity strategy.

• Ensure cyber AI and information security risks areidentified assessed communicated and effectively managed; escalate material concerns as needed.

• Translate business digital and technology strategies into secure architectural designs and roadmaps.

• Drive system architecture decisions that balance functionality service quality performance and security.

Business Partnership & Digital Enablement

• Serve as the primary security advisor to global business functions collaborating to evaluate emerging digital and AI initiatives.

• Partner with IT Business Engagement teams to understand business priorities requirements and technology roadmaps.

• Influence technology choices to ensure alignment with security standards and regulatory expectations.

Technology Strategy Innovation & Solution Development

• Evaluate and recommend emerging security technologies tools and platforms to enhance Gileads digital security posture.

• Lead the definition and evolution of security frameworks standards and reference architecture.

• Drive continuous improvement of security processes systems and delivery capabilities.

• Oversee the design and development of new digital security solutions and enhancements to existing capabilities.

Risk Management Compliance & Controls

• Ensure digital solutions meet regulatory risk and compliance requirements across regions (including EU and APAC).

• Partner with Security Architecture & Governance and IT Risk & Compliance teams to define effective control requirements and operational implementation.

• Conduct and oversee security assessments penetration testing vulnerability analysis and remediation efforts.

Operational Leadership & Incident Response

• Guidethe deployment and optimization of security technologies including SIEM IDS/IPS SecOps tools endpoint and network security and firewalls.

• In the event of a cyber incidentlead coordinatedresponsewith SOC IT teams and business partners to contain impact and support recovery.

Metrics Reporting & Communication

• Develop and track key performance indicators that measure the effectiveness of security controls and digital risk posture.

• Create compelling executive presentations that articulate strategy risks solution architectures and roadmaps to senior leaders and stakeholders.

Team Leadership & Talent Development

• Lead and develop ahigh performing globally distributed Security Risk & Compliance team.

• Fosteraninclusive collaborative and innovative team culture aligned with Gileads core values.

• Identify attract andretaintop security talent including management of external partners vendors and academic collaborators.

Capabilities & Requirements

Technical Expertise

• Deep mastery of information security principles architectures and control frameworks.

• Strong understanding of digital security cloud technologiesAIenabledsecurity capabilities and emerging security trends.

• Experience with enterprise identity and access management federated identity SSO and related architectures.

• Proven capability in threat modeling vulnerability management forensics and penetration testing.

Leadership & Business Acumen

• Demonstrated ability to define and articulate a security vision and link it to business priorities.

• Experience serving as a Business Information Security Officer (BISO) or similar security leadership role in a global organization.

• Strong communication influence facilitation and negotiation skills across technical and nontechnical audiences.

• Proventrack recordleading teams managing complex environments and delivering results through collaboration.

Additional Qualifications

• Experience in regulated environments including SOXGxP compliantoperations.

• Background in Pharma or Biotech preferred but not.

Competency

• Strategic Thinking & Business Vision

• Innovation & Continuous Improvement

• Global Mindset

• Stakeholder Management

• Agility Adaptability & Tolerance for Ambiguity

• Influence Persistence & Accountability

• Team Leadership & Talent Development

Education & Experience

• Bachelors degree in computer science Information Systems Business or related field; advanced degree preferred.

• 10 years of experience in IT enterprise applications or business technology functions.

• 45 years of experience in cybersecurity privacy or risk management leadership roles.

• Industry certifications such as CISSP or equivalentstronglypreferred.

• Experience in both established enterprises andhighgrowthenvironments isadvantageous.

Gilead Core Values

• Integrity Doing Whats Right

• Inclusion Encouraging Diversity

• Teamwork Working Together

• Excellence Being Your Best

• Accountability Taking Personal Responsibility

Equal Employment Opportunity

Gilead Sciences is an equal opportunity employer committed to an inclusive and diverse workforce. Applicantsrequiringaccommodationsduring the application process may contactforassistance.