Introduction to role:
Are you ready to set the global agenda for cyber governance and regulatory adherence within a firm where trusted, protected technology accelerates life-changing medicines to patients? Can you translate complexity into crucial action that protects trust while enabling ambitious innovation and speed?
As Executive Director for Global Cyber GRC, you will lead the enterprise approach to information security. You will coordinate technological risk and ensure our most critical data, platforms, and partners operate with resilience, regulatory confidence, and clear accountability. You will connect cyber risk to strategic decisions, equipping the company's leadership team and Board with sharp, actionable insight that balances protection and progress.
This is a pivotal role in our transformation into a digital and data-led enterprise. You will guide the harmonization of controls throughout various regions. You will improve our response to evolving regulations. You will embed risk-informed decision-making into how we discover, develop, and deliver medicines worldwide.
- Lead the organization-wide information security and technology risk framework spanning all locations.
- Prioritize the most meaningful risks and drive treatment plans to closure.
- Lead all aspects of the worldwide cyber regulatory approach and ensure it meets laws, regulations, and standards. This includes confidentiality, information security, crucial infrastructure, and requirements specific to the life sciences sector across jurisdictions.
- Third-Party Risk Governance: Coordinate the management of cyber risk controls for vendors, academic collaborators, and technology service providers, safeguarding the extended ecosystem vital to global operations.
- Cyber Resilience Oversight: Provide governance for incident preparedness, crisis response coordination, and recovery preparation; ensure cohesive end-to-end resilience outcomes with security operations, technology, legal, privacy, and business continuity teams.
- Control Assurance and Ongoing Improvement: Ensure the build and efficiency of cybersecurity and information technology safeguards through continuous validation, evaluation, and detailed improvement.
- Build, lead, and advance international cyber risk oversight groups and senior risk advisory panels. Drive cross-functional decisions that align with the organization's risk tolerance and strategic goals.
- Communicate detailed engineering and compliance risk as clear choices for top leadership as well as the Board. Deliver concise, high-impact reports on posture, trends, and material exposures.
- Act as a reliable consultant to the heads of information security, information technology, risk, and compliance functions and legal partners. Represent the company in interactions with regulatory agencies, professional associations, and peer organizations.
- Distributed Team Leadership: Build, lead, and develop a high-performing distributed cyber GRC team with clear mission, measurable outcomes, and strong succession.
- Business Enablement: Incorporate cyber risk within broader enterprise risk management to reduce friction, increase confidence, and enable faster, safer delivery of scientific and commercial outcomes.
Essential Skills/Experience:
- Demonstrated experience establishing and leading an enterprise framework for managing cybersecurity and technological risk across multiple regions and business units.
- Proven ability to integrate cyber risk into enterprise risk management processes aligned with corporate risk appetite and strategic objectives.
- Track record coordinating third-party cyber risk management across suppliers, research partners, and technology vendors.
- Ownership of a global cyber regulatory strategy with compliance accountability across jurisdictions, including privacy, data protection, critical infrastructure, and life sciences-specific requirements.
- Experience acting as the primary executive interface for cyber-related regulatory examinations, audits, and inquiries.
- Evidence of harmonizing compliance controls across regions while maintaining local regulatory adherence.
- Governance oversight of cyber resilience programs, including incident readiness, crisis management, and recovery planning.
- Expertise ensuring control design and effectiveness for cyber and IT controls, including ongoing assurance, testing, and continuous improvement.
- Experience designing, leading, and maturing global cyber risk governance forums and executive risk committees.
- Ability to translate complex technical and regulatory risks into clear, actionable insights for senior executives and the Board with concise, high-impact reporting.
- Validated leadership building, leading, and developing a globally distributed team of cyber GRC professionals.
- Experience serving as a trusted advisor to CISO, CIO, enterprise risk leadership, compliance, legal, and senior business executives.
- Credibility representing an organization externally with regulators, industry bodies, and peer companies.
- Bachelor's degree; advanced degree preferred (e.g., MBA, MS, JD).
- 15 years of progressive experience in cyber security, IT risk, governance, risk, and/or compliance roles.
Desirable Skills/Experience:
- Experience in highly regulated, science-driven industries such as biopharma, healthcare, or critical infrastructure.
- Strong familiarity with global regulatory frameworks and standards (e.g., GDPR and other privacy laws, NIS2, HIPAA, FDA/EMA expectations, ISO/IEC 27001/27701, SOC 2).
- Board-level communication and storytelling that link risk to enterprise value and patient impact.
- Leadership of large-scale control transformation or control harmonization initiatives across regions.
- Depth in third-party and supply chain cyber risk, including cloud/SaaS, data platforms, and research collaborations.
- Professional certifications such as CISSP, CISM, CRISC, CIPP/E, CIPM, or equivalent executive-level credentials.
- Experience aligning cyber resilience with enterprise business continuity and technology recovery programs.
Why AstraZeneca: Join a company where secure digital capabilities directly influence how quickly we bring new medicines to people who need them. Here, cyber GRC is not a back-office function; it is a strategic force that underpins discovery, development, and global delivery. You will work with unexpected teams in the same room, unleashing bold thinking, blending cutting-edge data and platforms with rigorous governance to create real-world impact. We are investing for scale and speed, and we value kindness alongside ambition, empowering experts to take ownership, challenge assumptions, and shape how the business operates. Your leadership will be visible, valued, and instrumental in building confidence with regulators, partners, and patients while enabling the enterprise to move faster with control.
The annual base pay for this position ranges from 227.02480-340.53720 USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills and addition our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program 401(k) plan; paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.
Call to Action: Lead the next chapter of our global cyber resilience and regulatory confidence; step in to shape a safer, faster, data-powered future that advances science and protects patients.
Date Posted
13-Mar-2026
Closing Date
16-Mar-2026
Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and furtherance of that mission we welcome and consider applications from all qualified candidates regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.
Required Experience:
Director