Executive Director, I.T. Head of Security Architecture, Engineering, and Delivery

Gilead Sciences Inc. is a research-based biopharmaceutical company founded in 1987. Together we deliver life-saving therapies to patients in need. With the commitment and drive you bring to the workplace every day you will be part of a team that is changing the world and helping millions of people live healthier more fulfilling lives. Our worldwide staff is a close community where you can see the tangible results of your contributions where every individual matters and everyone has a chance to enhance their skills through ongoing development. Our scientific focus has resulted in marketed products that arebenefitinghundreds of thousands of people a pipeline of late-stage drug candidates and unmatched patient access programs to ensure medications are available to those who could otherwise not afford them. By joining Gilead you will further our mission to address unmet medical needs and improve life by advancing the care of patients with life-threatening diseases.

Specific Responsibilities & Skills

TheHead of Security Architecture Engineering and Deliveryis amissioncriticalleader responsible for safeguarding the integrity of Gileads scientific data digital assets and operational environments. Reporting to the CISO and serving asDeputy CISO this rolewilldirect the teams that architect engineer and deliver enterprise security capabilities that protect employees patients and the research that fuels Gileads innovation. As a senior member of thecross-functionalSecurity Risk and Compliance organization this leaderwillpartner closely across Security Operations Risk Data Privacy QA Infrastructure Network and Business IT to translate complex and often ambiguous security requirements into clear guidance ensuring the organization can innovate confidently while maintaining a strong security posture.

This is a site based role in Foster City CA at our global headquarters. Remote work is not available for this particular position. We do offer optional work from home days on Monday and Friday with core colaboration days in the office.

This position sits at the forefront of Gileads digital andAIdriventransformation uniquely positioned to design and secure the next generation of research platforms and data environments that accelerate the development and delivery of lifesaving therapies. The Head of Security Architecture Engineering and Delivery combines deepexpertisein security policy regulatory compliance technology strategy and secure development practices with the ability to navigate ambiguity and influence senior stakeholders. Acting as adeputyfor the CISO this leaderwillrepresentsecurity across the enterprise shaping decisions that protect Gilead from evolving cyber threats and strengthening the resilience of the systems and data that patients and employees depend on.

The Head of Security Architecture Engineering and Deliverywill be expected todemonstrate:

• Domain Expertise:Expert level knowledge of Cyber Security capability areas including Risk assessment and management Identity and Access Management Endpoint Security Network Security Platform Security and applicationsecurity.Able to function as a Deputy CISO.

• Strategic mindset with the ability to execute:Defineand deliver against security strategy to protect Gileadimplementsautomation anddrives foroperational efficiencies.

• Technology Strategyand Delivery:-PositionSecurity asakey requirement to support businessoperations andunderstand the value of scalable and efficient technical solutions that provide visibility to threatsandallowsteam theability to quickly respond to and block threats with low operational overhead and technical debt.

• Business Partnership-Serve as a trusted advisor to leaders within Business functions andIT andsupports their mission. Partner with senior IT Security leadership to create technology strategies that support theobjectivesof their functions. Understand the value drivers of the Business andensuresIT Security solutionsconsiderthebalance between Security and User experience.Strong ability to partner with Managed Service providers and manage them toagreeupon outcomes.

• Financial Stewardship:Manage andcontainproject delivery costsand partner withthe SecurityOperations leadto ensure ongoing cost is well understood andmanaged.

• Leadership:Proven ability to build develop and lead teams and rally organization around the vision

ESSENTIAL JOB FUNCTIONS:

Keyresponsibilities for this position include (but are not limited to):

• Manage team to developupdate& maintaininformation security standardsand reference architecture.

• Leadandmanage the SecurityEngineering team to deliver on Security capabilities

• Leadandmanagethe Security Project Delivery team including Program and Project managers Business analysts and technical delivery engineers

• Lead and manage the Cyber Fusion Center operations processes and be able to run the incident command and lead the incident investigations

• Present the Security Investment portfolio to IT and businessleaders andcommunicate the value ofsecurityinvestment.

• Lead and manage our Managed Service Provider solution delivery team to deliver on Security sustainment and investment projects.

• Support Merger&Acquisition relatedactivities

• Ensure IT activities processes and procedures meet defined requirementspoliciesand regulations

• Work with Internal Audit Project Managers System Managers and Engineers - Track project findingsidentifyand resolve issues analyze evidence communicate with stakeholders andfacilitatethe completion of cybersecurityrelated projects

• Participate in other activities relating toinformationsecurityor other functional areas as assigned

SKILLS & EXPERIENCE

• Bachelor of Science degree in management information systems computer scienceengineeringoranotherIT-related major is

• 16 years of relevant experienceor 14 years within masters or PhD

• 12 years of cybersecurity professional experience risk management and governance practice

• Information security related certifications such as CISSP CRISC CCSP GIACetc.

• A minimum of 8-10 years of leadership responsibilities.

• Strong understanding of a wide variety of cybersecurity technologies relating tothe following security domains: Audit and Monitoring Risk Response & Recovery SIEM vulnerability management Cryptography Data Communications Computer Operations Security Telecommunications & Network Security Security Architecture & Models cloud securityMulti-Factor AuthenticationPasswordlessAuthentication Digital Rights Management PKISecurity for AI and AI for Security solutions

• Strong understanding ofNIST cyber security and MITRE attackframeworks

• Deepknowledge of IT Security and Privacy concepts and controls and ability to develop security standards and guidelines based on best practices and industry standards

• Able to lead teams throughan incident frominitialresponse stakeholder communicationsanddiagnosisto immediate and long-termremediationplans and activities

• Knowledge of information security risk management frameworks and compliance practices

• Knowledge of securing network technologies client and server operating systems

• Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies

• Excellent interpersonal communication and presentation skills includingformalwriting experience

• Understanding of common security standards and healthcare related regulations and data privacy

• Ableto assess complex multi-location projects as well asidentifyand recommendappropriate correctivemeasures to resolve security and privacy related issues

• Strong customer service orientation and the ability to project that attitude to customers in remote locations

• Previouswork experience in a Biopharma organization is a plus

• Previouswork experience in a cloud centric environment is a plus

• PreviousDeputy CISO or equivalent experience is a plus